Solved Unable to install mbam, gmer and dds in normal mode

ryaned

Yesterday I picked up the Vista Security 2012 virus, and it has rendered me unable to install the above scans. I can download but not install the above scans. Should I try to download, install and run them in safe mode? I am currently sending this message in safe mode.
The virus is also creating numerous pop-up warnings and preventing me from going online in normal mode.
 
more problems with Vista Security 2012 virus

Broni,

I am now unable to install the "clean up" tools in the 5 step post in safe mode. I get a Vista Security 2012 pop-up. What should I do?
Thanks, Ned
 
Follow steps 1-4 from here: http://www.bleepingcomputer.com/virus-removal/remove-vista-security-2012

Then....

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller report

13:25:00.0299 0608 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:25:00.0780 0608 ============================================================
13:25:00.0780 0608 Current date / time: 2011/12/17 13:25:00.0780
13:25:00.0780 0608 SystemInfo:
13:25:00.0780 0608
13:25:00.0781 0608 OS Version: 6.0.6001 ServicePack: 1.0
13:25:00.0781 0608 Product type: Workstation
13:25:00.0781 0608 ComputerName: NED
13:25:00.0781 0608 UserName: owner
13:25:00.0781 0608 Windows directory: C:\Windows
13:25:00.0781 0608 System windows directory: C:\Windows
13:25:00.0781 0608 Running under WOW64
13:25:00.0781 0608 Processor architecture: Intel x64
13:25:00.0781 0608 Number of processors: 2
13:25:00.0781 0608 Page size: 0x1000
13:25:00.0782 0608 Boot type: Normal boot
13:25:00.0782 0608 ============================================================
13:25:01.0616 0608 Initialize success
13:25:33.0324 0644 ============================================================
13:25:33.0324 0644 Scan started
13:25:33.0324 0644 Mode: Manual;
13:25:33.0324 0644 ============================================================
13:25:48.0759 0644 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:25:48.0777 0644 ws2ifsl - ok
13:25:48.0858 0644 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:48.0880 0644 WUDFRd - ok
13:25:48.0922 0644 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:25:48.0945 0644 \Device\Harddisk0\DR0 - ok
13:25:48.0950 0644 Boot (0x1200) (65ce09c4a9ad15c295a24d27deabe678) \Device\Harddisk0\DR0\Partition0
13:25:48.0951 0644 \Device\Harddisk0\DR0\Partition0 - ok
13:25:48.0959 0644 ============================================================
13:25:48.0959 0644 Scan finished
13:25:48.0959 0644 ============================================================
13:25:48.0982 3928 Detected object count: 0
13:25:48.0982 3928 Actual detected object count: 0
 
Run rKill one more time and then see if you can update and run Malwarebytes.
 
MBAM log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8388

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/17/2011 3:33:20 PM
mbam-log-2011-12-17 (15-33-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 342254
Time elapsed: 1 hour(s), 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\owner\AppData\Local\Temp\opre0.5369636600064391.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
 
Very good :)

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
DDS log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8388

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/17/2011 3:33:20 PM
mbam-log-2011-12-17 (15-33-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 342254
Time elapsed: 1 hour(s), 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\owner\AppData\Local\Temp\opre0.5369636600064391.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
 
DDS log 2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/2/2009 5:27:58 AM
System Uptime: 12/17/2011 3:38:52 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 196.314 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP183: 5/28/2011 9:18:53 AM - Scheduled Checkpoint
RP184: 5/30/2011 8:33:25 PM - Scheduled Checkpoint
RP185: 6/30/2011 9:17:04 AM - Installed Windows Media Player Firefox Plugin
RP186: 6/30/2011 5:20:12 PM - Windows Update
RP187: 7/5/2011 9:11:15 AM - Scheduled Checkpoint
RP188: 7/17/2011 9:09:23 AM - Scheduled Checkpoint
RP189: 7/20/2011 8:36:02 PM - Scheduled Checkpoint
RP190: 8/4/2011 6:31:18 PM - Scheduled Checkpoint
RP191: 8/13/2011 1:53:55 PM - Scheduled Checkpoint
RP192: 8/18/2011 10:29:02 PM - Removed iTunes
RP193: 8/27/2011 9:46:35 AM - Scheduled Checkpoint
RP194: 9/21/2011 8:14:21 AM - Scheduled Checkpoint
RP195: 10/6/2011 12:48:59 PM - Scheduled Checkpoint
RP196: 11/25/2011 6:07:11 PM - Scheduled Checkpoint
RP197: 11/28/2011 12:40:37 PM - Installed Rapport
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.6
Amazon Kindle For PC v1.0
Amazon Links
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
AVG Free 8.5
Compatibility Pack for the 2007 Office system
CyberLink PowerCinema for TOSHIBA
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
FlipShare
FoxTab PDF Creator
Full Tilt Poker
Geek Squad 24 Hour Computer Support
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HP Product Detection
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
OpenOffice.org 3.3
Palm Desktop
Picasa 3
PokerStove version 1.23
PokerTracker 3 (remove only)
PostgreSQL 8.3
QuickBooks Financial Center
QuickTime
Rapport
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.02.02.01
Safari
Skype Launcher
Spyware Doctor 8.0
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
Toshiba Registration
Toshiba Resources Page
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TweetDeck
Update for Office 2007 (KB946691)
Visual C++ 8.0 Runtime Setup Package (x64)
WebEx
WildTangent Games
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
12/17/2011 3:43:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/17/2011 3:43:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/17/2011 12:27:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC NetBIOS netbt nsiproxy PSched RapportKE64 RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
12/16/2011 11:18:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/16/2011 11:18:15 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2011 4:02:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RapportKE64 spldr
12/15/2011 4:01:53 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
12/15/2011 4:01:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
12/15/2011 4:01:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
12/15/2011 12:39:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/15/2011 12:38:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
12/15/2011 12:37:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 RapportKE64 spldr Wanarpv6
12/15/2011 12:37:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 12:36:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/15/2011 12:36:11 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
12/15/2011 12:36:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/15/2011 12:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/15/2011 12:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/15/2011 1:20:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user NED\owner SID (S-1-5-21-232412378-3118420049-1387226345-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC NetBIOS netbt nsiproxy PSched RapportKE64 RasAcd rdbss Smb spldr tdx Wanarpv6
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2011 1:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/15/2011 1:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/14/2011 9:31:15 PM, Error: netbt [4321] - The name "NED :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
12/14/2011 9:31:12 PM, Error: netbt [4321] - The name "NED :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
12/14/2011 6:39:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/14/2011 12:08:24 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Bill Pay | Confirm Payments, owned by owner, failed to print on printer hp officejet 6100 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\NED. Win32 error code returned by the print processor: 2250. This network connection does not exist.
12/14/2011 10:19:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/13/2011 8:35:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/11/2011 7:42:21 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Full page photo, owned by owner, failed to print on printer hp officejet 6100 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 28062864. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\NED. Win32 error code returned by the print processor: 2250. This network connection does not exist.
12/11/2011 7:22:57 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6CDA61DC-6312-447C-BCBC-6270408EB988} because another computer on the network has the same name. The server could not start.
12/11/2011 7:22:57 PM, Error: netbt [4321] - The name "NED :20" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
12/11/2011 7:22:57 PM, Error: netbt [4321] - The name "NED :0" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
12/10/2011 9:32:56 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/10/2011 8:33:03 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/10/2011 5:54:15 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Test Page, owned by owner, failed to print on printer hp officejet 6100 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 104348. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\NED. Win32 error code returned by the print processor: 2250. This network connection does not exist.
.
==== End Of File ===========================
 
aswMBR log

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-17 17:40:20
-----------------------------
17:40:20.869 OS Version: Windows x64 6.0.6001 Service Pack 1
17:40:20.869 Number of processors: 2 586 0x170A
17:40:20.870 ComputerName: NED UserName:
17:40:23.876 Initialize success
17:43:10.691 AVAST engine defs: 11121702
17:43:29.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:43:29.814 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
17:43:29.829 Disk 0 MBR read successfully
17:43:29.832 Disk 0 MBR scan
17:43:29.910 Disk 0 Windows VISTA default MBR code
17:43:29.914 Service scanning
17:43:31.580 Modules scanning
17:43:31.585 Disk 0 trace - called modules:
17:43:31.595 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys PCTCore64.sys iaStor.sys hal.dll
17:43:31.599 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cec060]
17:43:31.602 3 CLASSPNP.SYS[fffffa60014fdb3a] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006b37280]
17:43:31.605 5 thpdrv.sys[fffffa6001486c8d] -> nt!IofCallDriver -> [0xfffffa8006a32190]
17:43:31.609 7 PCTCore64.sys[fffffa6000b75094] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bc7050]
17:43:32.940 AVAST engine scan C:\Windows
17:43:37.420 AVAST engine scan C:\Windows\system32
17:46:34.697 AVAST engine scan C:\Windows\system32\drivers
17:46:57.344 AVAST engine scan C:\Users\owner
17:47:43.327 File: C:\Users\owner\AppData\Local\lsk.exe **INFECTED** Win32:FakeAV-CRG [Trj]
17:49:47.792 Disk 0 MBR has been saved successfully to "C:\Users\owner\Documents\MBR.dat"
17:49:47.799 The log file has been saved successfully to "C:\Users\owner\Documents\aswMBR.txt"
 
You posted Attach.txt for the second time.
I need DDS.txt log.
Please pay attention.
 
DDS text (I believe)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
Run by owner at 17:59:13 on 2011-12-17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.1455 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\palmOne\HOTSYNC.EXE
C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\splwow64.exe
C:\Users\owner\Downloads\aswMBR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\HOTSYNC.EXE
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun-x64: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111109&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-10-5 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-10-5 297752]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-6-2 20544]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-12-15 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-12-15 1150936]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-10 855904]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-17 21:14:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-15 21:55:27 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-12-15 21:55:27 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-12-15 21:55:26 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-12-15 21:55:26 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-12-15 21:55:25 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-12-15 21:55:22 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-12-15 21:55:18 -------- d-----w- C:\Users\owner\AppData\Roaming\PC Tools
2011-12-15 21:55:18 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-12-15 21:55:18 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-12-15 21:44:35 -------- d-----w- C:\ProgramData\PC Tools
2011-12-10 16:56:18 -------- d-----w- C:\ProgramData\AVG Secure Search
2011-12-10 16:56:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-12-10 16:56:16 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2011-12-10 16:56:12 -------- d--h--w- C:\ProgramData\Common Files
2011-11-28 20:41:44 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-11-28 20:41:21 -------- d-----w- C:\Users\owner\AppData\Local\Trusteer
2011-11-28 20:41:05 -------- d-----w- C:\Program Files (x86)\Trusteer
2011-11-28 20:38:20 -------- d-----w- C:\ProgramData\Trusteer
.
==================== Find3M ====================
.
2011-12-18 01:59:32 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
.
============= FINISH: 18:00:33.31 ===============
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix log

ComboFix 11-12-17.05 - owner 12/17/2011 18:44:27.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2626 [GMT -8:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\owner\AppData\Roaming\Microsoft\Windows\Recent\chdppin1108(1).url
c:\users\owner\AppData\Roaming\Microsoft\Windows\Recent\chdppin1108(2).url
c:\users\owner\AppData\Roaming\Microsoft\Windows\Recent\chdppin1108.url
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-17 21:14 . 2011-12-17 22:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-15 21:44 . 2011-12-18 02:37 -------- d-----w- c:\programdata\PC Tools
2011-12-10 16:56 . 2011-12-10 16:56 -------- d--h--w- c:\programdata\Common Files
2011-11-28 20:41 . 2011-11-08 05:28 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-11-28 20:41 . 2011-11-28 20:41 -------- d-----w- c:\users\owner\AppData\Local\Trusteer
2011-11-28 20:41 . 2011-11-28 20:41 -------- d-----w- c:\program files (x86)\Trusteer
2011-11-28 20:38 . 2011-11-28 20:38 -------- d-----w- c:\programdata\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 02:57 . 2011-05-14 18:54 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"TANU"="c:\program files (x86)\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-02-17 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2009-02-17 196608]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-07 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 17:35]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 17:35]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 16:04]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 200216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-13 7220768]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-13 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1713448]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1123840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111109&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\sysWOW64\\macromed\\flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\sysWOW64\\macromed\\flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-12-17 19:03:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 03:03
.
Pre-Run: 217,033,875,456 bytes free
Post-Run: 217,825,894,400 bytes free
.
- - End Of File - - 4265A1BB2B8D858B6074D3094D7D9ECE
 
Looks good :)

How is the computer doing?

You can reinstall AVG now.

Then....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.Txt (partial)

It's running fine.
Thanks for your help.
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.26% Memory free
7.94 Gb Paging File | 6.03 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.38 Gb Total Space | 201.86 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

Computer Name: NED | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 11:32:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/04/16 17:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/04/16 17:42:54 | 002,513,472 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/03/30 15:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/28 11:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
PRC - [2009/03/17 15:36:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 17:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 16:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/02/16 16:09:44 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/16 16:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2008/09/19 06:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 02:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files (x86)\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:32:14 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 19:58:49 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/16 16:09:46 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/16 16:09:42 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/14 16:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 10:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 17:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/27 07:26:38 | 001,461,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/02/27 05:56:50 | 000,830,224 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/02/19 13:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 09:26:52 | 000,535,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2008/03/18 11:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 15:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2009/04/16 17:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 15:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 16:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/11/03 15:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/09/19 02:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/20 18:50:58 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/07 21:28:40 | 000,063,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 13:29:40 | 000,206,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/25 16:23:26 | 000,035,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/18 10:46:44 | 000,032,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 09:20:08 | 000,265,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/03 11:14:24 | 008,040,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/12 14:28:00 | 000,057,344 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 18:12:14 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/01/14 12:50:50 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2008/11/17 06:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/09/22 05:49:58 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/03/21 11:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 18:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 18:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 18:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 18:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 13:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 13:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 09:29:04 | 000,014,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2006/11/19 21:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2011/12/15 09:01:48 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111109
IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.10
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111109&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/17 19:21:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/12 08:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/24 20:26:38 | 000,000,000 | ---D | M]

[2009/10/05 11:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2011/11/09 11:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\extensions
[2011/11/09 11:39:33 | 000,001,945 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\searchplugins\bing-zugo.xml
[2011/11/12 08:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/17 19:21:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/11/12 08:19:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/10 08:56:16 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/12 08:19:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/12 08:19:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/17 18:57:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TANU] C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG8\Notification\SPChecker.exe" /start File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-3.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
OTL.Txt remainder

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/17 19:37:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/17 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG2012
[2011/12/17 19:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/12/17 19:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/12/17 19:20:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/12/17 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/12/17 19:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/17 19:03:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/17 18:40:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 18:40:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 18:40:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 18:40:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/17 18:27:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 13:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 13:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/15 13:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/10 08:56:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/28 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Trusteer
[2011/11/28 12:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/11/28 12:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2011/11/28 12:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/11/21 11:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2011/12/18 11:39:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job
[2011/12/18 11:30:47 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/12/18 11:30:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 11:30:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 11:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 09:30:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 08:54:00 | 084,521,634 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/17 19:38:51 | 000,000,428 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/12/17 19:37:36 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 19:37:17 | 4156,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 19:21:17 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/17 19:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011/12/17 19:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2011/12/17 18:57:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/17 18:46:33 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/17 18:46:33 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/17 18:46:33 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/17 18:39:37 | 000,000,868 | ---- | M] () -- C:\Users\owner\Desktop\ComboFix - Shortcut.lnk
[2011/12/17 17:49:47 | 000,000,512 | ---- | M] () -- C:\Users\owner\Documents\MBR.dat
[2011/12/17 13:14:11 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
[2011/12/17 13:02:23 | 000,009,890 | -HS- | M] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
[2011/12/17 12:53:29 | 000,001,460 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps64.dat
[2011/12/15 13:44:01 | 000,512,992 | ---- | M] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe
[2011/12/14 19:31:15 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/05 06:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job
[2011/11/28 21:28:53 | 000,006,080 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2011/11/28 11:52:35 | 000,000,933 | ---- | M] () -- C:\Users\owner\Desktop\Continue FoxTab PDF Creator Installation.lnk
[2011/11/21 11:32:15 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2011/12/18 08:54:00 | 084,521,634 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/17 19:21:17 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/17 18:40:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 18:40:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 18:40:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 18:40:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 18:40:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 18:39:37 | 000,000,868 | ---- | C] () -- C:\Users\owner\Desktop\ComboFix - Shortcut.lnk
[2011/12/17 17:49:47 | 000,000,512 | ---- | C] () -- C:\Users\owner\Documents\MBR.dat
[2011/12/17 13:14:11 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 13:00:52 | 4156,542,976 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/15 13:44:35 | 000,512,992 | ---- | C] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe
[2011/12/15 11:26:04 | 000,009,890 | -HS- | C] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
[2011/12/15 11:26:04 | 000,009,890 | -HS- | C] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
[2011/11/28 12:41:44 | 000,063,760 | ---- | C] () -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/11/28 11:52:35 | 000,000,933 | ---- | C] () -- C:\Users\owner\Desktop\Continue FoxTab PDF Creator Installation.lnk
[2011/11/21 11:32:15 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/09 11:39:37 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/07/04 13:29:53 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2010/10/27 08:20:33 | 000,006,080 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/01/09 13:02:15 | 000,001,460 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps64.dat
[2009/11/01 09:11:46 | 000,024,226 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2009/10/24 11:15:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/22 08:09:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/21 11:34:04 | 000,000,804 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2009/10/14 10:35:40 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/10/10 18:46:13 | 000,025,088 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 11:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/26 08:42:28 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/06/02 06:14:09 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/05/02 23:21:10 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/05/02 23:21:10 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/05/02 23:21:10 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/05/02 23:21:10 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/05/02 23:21:10 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/05/02 23:21:10 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/05/02 21:23:00 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/02 21:23:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/03 11:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/03/03 11:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/03/03 11:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2009/06/26 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Experience\AppData\Roaming\PowerCinema
[2010/01/10 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Amazon
[2011/09/21 11:24:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Audacity
[2011/12/17 19:23:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG2012
[2011/05/14 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/06 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Flip Video
[2011/03/17 21:14:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2009/11/01 09:11:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking
[2011/05/08 11:14:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PowerCinema
[2009/10/21 11:34:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2009/10/05 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TOSHIBA
[2011/03/06 12:44:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/10/26 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
[2009/06/26 08:41:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2011/12/17 19:36:23 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 18:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/05/03 13:43:18 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/17 19:03:10 | 000,015,703 | ---- | M] () -- C:\ComboFix.txt
[2009/10/04 12:26:10 | 000,000,122 | ---- | M] () -- C:\dfinstall.log
[2011/12/17 19:37:17 | 4156,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/02 04:12:02 | 000,000,513 | -H-- | M] () -- C:\log.txt
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/12/17 19:37:16 | 175,165,439 | -HS- | M] () -- C:\pagefile.sys
[2011/12/17 13:11:48 | 000,000,478 | ---- | M] () -- C:\rkill.log
[2011/12/17 13:25:49 | 000,071,762 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_13.25.00_log.txt
[2009/10/04 17:15:43 | 000,007,935 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2006/11/02 07:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 19:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/25 11:54:51 | 000,000,350 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/15 13:44:01 | 000,512,992 | ---- | M] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/06/02 04:28:18 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2009/06/02 04:27:48 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/26 08:43:06 | 000,000,402 | -HS- | M] () -- C:\Users\owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/10/22 08:09:47 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/10/14 10:35:40 | 000,004,985 | ---- | M] () -- C:\ProgramData\ojvzdisj.xda
[2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
 
Extras.txt log

OTL Extras logfile created on: 12/18/2011 11:36:02 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.26% Memory free
7.94 Gb Paging File | 6.03 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.38 Gb Total Space | 201.86 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

Computer Name: NED | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063EE8FC-B74D-4170-8DDD-6B3D38993DBC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0FA69C4A-3ECA-418C-BE6C-725F153D08BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10976C4F-CD51-4401-BAFB-AE6F4462E643}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{187364E4-02DF-4997-80F1-0A225E6F4AD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19ED0CFC-3310-46D7-9B9C-EC85D7D76C57}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2129A3FB-EACC-46F5-B3DD-D3D77FBA5464}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BD5649F-7CA2-4867-BC02-0A4543EB7CCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{36BD21CE-C719-4D76-8FD2-BD8041431D88}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{5718F1CA-D416-465A-A6A0-2A3659DD44D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{5C66C7DF-EA70-4A39-9E03-DED3DD7AC1BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{706FEE63-6CCA-42C5-96CA-9D3725BE1543}" = rport=139 | protocol=6 | dir=out | app=system |
"{768D16AD-DD2D-4110-9ADB-BC451A7A76F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{7B9DC25A-36DB-4103-87A7-32C8194158D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{82FC83E1-2D7F-40B8-BACB-3FAB65F53E94}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{88578612-FFCB-40BB-91F6-6EC00FCDF38B}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{89E6B23D-0415-4C11-92CB-E802851581FD}" = rport=138 | protocol=17 | dir=out | app=system |
"{9424844A-C502-4294-BEA0-357AD594E555}" = rport=137 | protocol=17 | dir=out | app=system |
"{9747837D-1451-4666-A9E7-67F1A303D74B}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4D79C52-A9D7-45FC-86C6-4FF470D915B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9C53E9A-609D-474F-AF75-20D477BDB220}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D492469B-A827-4A75-9561-D94BE39CA51E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFA94870-07AA-4662-96F2-583266A5B947}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E075AF04-7909-402D-981C-0628BA89F630}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E48ECFC7-86D5-40C5-B0C4-4143EE1B9CD2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EDFE7025-7726-4A23-A936-B1DFC648A3F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF1E0DE1-A1AA-4303-AAE3-789BA698EBDB}" = lport=139 | protocol=6 | dir=in | app=system |
"{F620B3B2-77B4-4523-A6FE-5E2BFF6F5014}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FFA01970-609E-4655-8542-55E335378B42}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1734A747-37BA-42D0-BBEB-A0BA58A974EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1B9C4756-D936-4A65-8F71-23B96B9920E7}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{35AE1CB6-DCE3-40B5-B374-E1BFDFB90911}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3E3208D2-805A-4DD1-BDDA-90DC01B72648}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3EDBF3DC-FFE7-4194-85BA-A09A2B2452C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{572C2F93-0FA9-4531-B9A7-0586B62CF151}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5754E289-73E3-4CE7-BD13-34B7967D5753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5BCDC29B-E442-4DB1-A5BF-76BF77681FC3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6D9E3638-9C81-4925-BBCA-3830D4B119B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73DF0412-3ABC-4B73-B42B-A9A37BC402A2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{78504FD1-E3D5-4703-876D-ACA627BE3499}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7EA374AB-B891-4BB2-B151-FF9455494292}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{80374A2A-F190-4E76-B229-C33B434E33CC}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{93FB4AC5-1BC3-4B26-9D6E-41BC8EF42909}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9AC60AAE-AB6E-4CC9-BAE5-5A45EB3609F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A249412C-65ED-478F-A265-730F2670C0CB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{A28CA3EB-0435-45A7-8EFB-47517674F47D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AC1D8DCC-5AE8-4975-B6F8-F2D747AA96CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B199F0AE-FBA8-4A94-BBF3-473AF686F254}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B780A861-1DB2-405E-9101-78B0F7886680}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BA24FE55-E81E-4F31-B5F9-CE9657624AE7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BB959481-8A47-4067-B204-A501667ED27D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D5D518E5-B9B8-4C83-A2A4-4C29D4617896}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E68F4239-C4CE-4661-8843-C776393F1823}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{FA2A9F05-CB79-4A5A-B205-8562CB093623}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FB5D9481-7079-4463-971F-38E0C8358C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{211A230D-7681-4557-8765-2E94E33432F0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{344318C9-A8F7-4A4A-9DE6-F545B7A9CEE1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{36681FC1-6387-4398-AC4E-143315414CE1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{3963E0B7-E611-4AA2-8419-C0DFF9A28BF5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B02A53A0-1D8F-4454-BF34-9FF6B3C6844D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{178E0772-2D89-4577-98D4-177DDB3E417F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{AA68C43D-D9F3-4FF6-895D-D2501201BF19}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{B2E0C190-0BCB-4E87-8B5F-7E1A0B9BF286}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{D44FDF77-19A3-48E5-B521-FBFBB141527F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E23ED991-BF85-4BA1-82BA-790263BCBE38}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC761E9C-5B2D-4C52-9C6D-7BB25712B258}" = AVG 2012
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"AVG" = AVG 2012
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{83475EE2-08BD-4134-B4F9-F3FA46EDC508}" = Geek Squad 24 Hour Computer Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EAEFE1C0-EB56-8963-9EC5-A0EB5FBA358D}" = TweetDeck
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Picasa 3" = Picasa 3
"PokerTracker3" = PokerTracker 3 (remove only)
"Rapport_msi" = Rapport
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WildTangent toshiba Master Uninstall" = WildTangent Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2011 9:43:59 PM | Computer Name = NED | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2011 9:43:59 PM | Computer Name = NED | Source = Windows Search Service | ID = 3013
Description =

Error - 10/29/2011 12:06:00 PM | Computer Name = NED | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2011 4:21:42 PM | Computer Name = NED | Source = Perflib | ID = 1023
Description =

Error - 11/7/2011 4:21:43 PM | Computer Name = NED | Source = Perflib | ID = 1008
Description =

Error - 11/7/2011 4:21:43 PM | Computer Name = NED | Source = Perflib | ID = 1023
Description =

Error - 12/7/2011 1:03:46 PM | Computer Name = NED | Source = Perflib | ID = 1023
Description =

Error - 12/7/2011 1:03:49 PM | Computer Name = NED | Source = Perflib | ID = 1008
Description =

Error - 12/7/2011 1:03:49 PM | Computer Name = NED | Source = Perflib | ID = 1023
Description =

Error - 12/7/2011 3:27:11 PM | Computer Name = NED | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/1/2010 10:14:44 PM | Computer Name = NED | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.35 for the Network Card with network
address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/1/2010 11:17:02 PM | Computer Name = NED | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.36 for the Network Card with network
address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/1/2010 11:17:40 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/1/2010 11:17:48 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/2/2010 12:28:17 AM | Computer Name = NED | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.37 for the Network Card with network
address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/2/2010 12:28:32 AM | Computer Name = NED | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/2/2010 12:28:34 AM | Computer Name = NED | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/2/2010 1:10:41 PM | Computer Name = NED | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.39 for the Network Card with network
address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/2/2010 1:10:51 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 11/2/2010 1:10:54 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    [2011/11/09 11:39:33 | 000,001,945 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\se archplugins\bing-zugo.xml
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
    O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG8\Notification\SPChecker.exe" /start File not found
    [2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
    [2011/12/17 13:02:23 | 000,009,890 | -HS- | M] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL log

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
File C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\se archplugins\bing-zugo.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TWebCamera deleted successfully.
Registry value HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\avg_spchecker deleted successfully.
C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k moved successfully.
C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Experience
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 16389362 bytes
->Temporary Internet Files folder emptied: 55848437 bytes
->Java cache emptied: 4077431 bytes
->FireFox cache emptied: 111585387 bytes
->Google Chrome cache emptied: 50892745 bytes
->Apple Safari cache emptied: 6819840 bytes
->Flash cache emptied: 443055 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 369 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9776213 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 244.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Experience

User: owner
->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12182011_121400

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6GQK2CK\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A710GOKJ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MTHDVMW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00PDJVWQ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
checkup.txt

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````
 