Hit by the System Check virus

funkymonky

Hey guys, I need some help with getting rid of the System Check virus. I keep getting pop-ups saying the hard drive clusters are damaged, a bunch of my desktop icons have disappeared, and the computer is running slow overall. I went through the 5 steps on malware removal, and I'll put the logs in the next few posts. Any help is greatly appreciated, thanks!
 
Malwarebytes log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
ngan :: HELEN-PC [administrator]

1/21/2012 4:51:22 PM
mbam-log-2012-01-21 (16-51-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420779
Time elapsed: 3 hour(s), 28 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\ngan\AppData\Local\Temp\p9pl2206253129926039853.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.

(end)
 
GMER log

Not sure if I should run this one again

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-21 23:42:49
Windows 6.0.6002 Service Pack 2
Running: vh4cy0vp.exe; Driver: C:\Users\ngan\AppData\Local\Temp\awtoipow.sys


---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB56859$\2926217320 0 bytes
File C:\Windows\$NtUninstallKB56859$\3233291939 0 bytes
File C:\Windows\$NtUninstallKB56859$\3233291939\L 0 bytes
File C:\Windows\$NtUninstallKB56859$\3233291939\U 0 bytes

---- EOF - GMER 1.0.15 ----
 
DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_22
Run by ngan at 23:45:06 on 2012-01-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.723 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\dlbkcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Dell AIO Printer A920\DLBKbmgr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\LQWxKGCKoVDdhWT.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\ProgramData\Bp26Blb39DVrGH.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre2.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre2.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre2.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Spotify] "c:\users\ngan\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [LQWxKGCKoVDdhWT.exe] c:\programdata\LQWxKGCKoVDdhWT.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [dlbkbmgr.exe] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0F334C34-DA0E-4CC7-9B30-DD2FF09902A1} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20111112
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ce5d87e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\ngan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-5-6 20352]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 awtoipow;awtoipow;C:\awtoipow.sys [2012-1-21 100864]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca5cf69c6e592b;Google Update Service (gupdate1ca5cf69c6e592b);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-5-6 937984]
S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-22 04:49:47 100864 ----a-w- C:\awtoipow.sys
2012-01-22 00:53:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9182294-b989-4eab-9f41-4d85602575d8}\offreg.dll
2012-01-22 00:45:45 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9182294-b989-4eab-9f41-4d85602575d8}\mpengine.dll
2012-01-21 08:31:28 364262 ---ha-w- c:\programdata\Bp26Blb39DVrGH.exe
2012-01-21 08:28:48 451302 ---ha-w- c:\programdata\LQWxKGCKoVDdhWT.exe
2012-01-19 06:34:36 -------- d-----w- c:\windows\system32\cache
2012-01-11 21:58:23 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 21:58:22 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 21:58:16 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 21:58:12 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 21:58:06 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 21:58:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 21:57:51 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 21:57:50 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 07:49:59 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-09 07:49:59 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-09 07:49:58 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-09 07:49:58 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 23:49:37 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-01-05 23:56:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-05 23:12:38 -------- d--h--w- c:\users\ngan\appdata\roaming\AVG2012
2012-01-05 23:11:27 -------- d--h--w- c:\programdata\AVG Secure Search
2012-01-05 23:11:14 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 22:58:09 -------- d--h--w- c:\users\ngan\appdata\roaming\AVG
.
==================== Find3M ====================
.
2012-01-19 00:21:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 23:46:55.35 ===============
 
And finally, the attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/6/2008 8:01:21 AM
System Uptime: 1/21/2012 8:23:51 PM (3 hours ago)
.
Motherboard: TOSHIBA | | ISKAA
Processor: Intel(R) Celeron(R) CPU 540 @ 1.86GHz | U2E1 | 1862/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 57.468 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AVG 2012
BFlix Toolbar
Bluetooth Stack for Windows by Toshiba
Bonjour
Canon iP1700
Canon iP1700 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Dell AIO Printer A920
DivX Setup
DVD MovieFactory for TOSHIBA
Easy-WebPrint
Facebook Plug-In
Freecorder
Freecorder Toolbar
GearDrvs
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 22
Linksys EasyLink Advisor
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Converter Pack
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Organization Chart 2.0
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
OGA Notifier 2.0.0048.0
Pure Networks Platform
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype web features
Skype™ 4.1
Spotify
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
Verizon FiOS Activation
Verizon Help and Support Tool
Vz In Home Agent
WebEx Support Manager for Internet Explorer
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 8:32:06 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/21/2012 8:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
1/21/2012 8:26:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/21/2012 8:26:04 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/21/2012 8:26:04 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/21/2012 8:26:04 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/21/2012 8:25:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/21/2012 5:57:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
1/21/2012 5:57:13 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/21/2012 4:47:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/21/2012 4:24:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/21/2012 2:15:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/21/2012 2:13:30 PM, Error: EventLog [6008] - The previous system shutdown at 12:44:34 AM on 1/21/2012 was unexpected.
1/20/2012 3:41:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/20/2012 3:24:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/19/2012 1:32:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
1/19/2012 1:18:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/18/2012 6:33:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/18/2012 12:19:01 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B9EF26A52. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware.

But we need to address this first:
AV: Microsoft Security Essentials *Enabled
AV: AVG Internet Security 2012 *Enabled/
FW: AVG Firewall *Enabled
>>>>> ONE antivirus, ONE firewall<<<<<<<<<<<<
Please remove one of these. Reboot when finished.
Consider this: I will have you run Combofix later. It will not run with AVG on the system so AVG will need to be temporarily uninstalled. We provide you with 2 links from which to choose a temporary AV program. If AVG is your preference of the above, go ahead and uninstall MSE now and I will instruct you about AVG when we get there.
============================
Please run the following- it will take away the attribute from the malware that makes the icons, programs, etc. seem missing:
Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware itself so it is important that you continue.
===========================
There are several very active malware infections that cause some of the same symptoms- but their fix is different. So I'd like you to go ahead with Combofix to help define which rogue it running. Ignore the alerts and error messages you are getting. They are 'invented' by the malware to try and trick you into buying a program to fix problems you don't have!
==========================
To be on the safe side, do not use any cleaning program that removes the temporary files at this time.
===========================
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen listing the detected security applications will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or from http://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
============================================
Please paste the Combofix log into your next reply.
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
thanks!

sorry for the slow response, the computer is running at a snail's pace, but I'm downloading AppRemover right now to take off AVG. I'll download Combofix after that and keep you updated. Thanks again for your help!
 
Okay. Close any other running programs that aren't being used> How much RAM is installed?

Post logs when ready.
 
MSE

hmm, I turned off the real time protection on MSE, but ComboFix keeps saying that it's active and I need to "disable these scanners before clicking OK". Should I continue anyways? ComboFix only took up 4.18 MB, and the computer is already running faster :)
 
Go ahead and bypass the warning and run the scan.

I went looking for suggestions and found this on a TechNet forum:

To disable Microsoft Security Essentials:
Open the application (click the icon in the task-bar, find it from the start menu or navigate to C:\Program Files\Microsoft Security Essentials\msseces.exe)

From the control panel, go to the ‘Settings’ tab Un-tick the ‘Turn on real-time protection’ checkbox and Microsoft Security Essentials is now disabled
An additional suggestion was:
To disable real-time protection only :
Open MSE -> click Settings and under real-time protection -> uncheck the option Turn ON real-time protection

I am always amazed when someone asks how to disable a security program that 30 people avoid giving the instructions and instead spend post after post giving them all the reasons why they "shouldn't" do it!

You'd think the MVPs et al would know that there are times when security has to be disabled!

Sorry> off of soapbox now!
 
aha, no worries, I know exactly how you feel. Sometimes you just have to risk disabling AV programs if you wanna fix your computer! Anywho, so ComboFix has been running for about an hour now, but nothing's changed aside from the blue screen that says it shouldn't take more than 10 minutes. Is there supposed to be a timer on that screen? Because mine doesn't have one, and the cursor just sits there blinking. Should I reboot and try again?
 
I rebooted the computer to try ComboFix again, and now all my desktop icons have disappeared again. I downloaded Rkill, so here's the log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/23/2012 at 21:39:53.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\LQWxKGCKoVDdhWT.exe
C:\ProgramData\Bp26Blb39DVrGH.exe


Rkill completed on 01/23/2012 at 21:41:26.
 
ComboFix keeps telling me that access is denied while waiting to scan because administrator permission is needed. I've also tried running it in Safe Mode, uninstalling and reinstalling, and the same thing keeps happening
 
Those processes stopped by RKill are from the malware. When you run RKill, you should not reboot the computer before running Combofix- if you do, the malware entries will return.

Try this once: Do a right click on combofix.exe> Run as Administrator> then go ahead with this> Double click combofix.exe & follow the prompts.
IF that doesn't work, skip Combofix for now and do the following:

If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
============================================
See below. Do this if needed: Press Windows+R key> type cmd> OK

1. If your task manager is disabled, copy and run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
Press Enter

2. If your desktop is blank and you are unable to right click on it, run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
Press Enter
==============================
Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
--------------------------
The following can be run first to allow you to 'see' the programs, files,etc. But it is important that you understand that this does not remove the malware, only the attribute to hide these features. So it is important that you continue with the cleaning:
1. Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
================================
2. Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
=======================================
3. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================
4. This malware frequently comes with the TDSSrootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • Save the log and post it in your next reply.
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
5. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When the scan has finished, a completion dialog appears.
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At the end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
7. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
====================================
You can now reboot back into Normal Mode.
=======================================
Please leave logs for TDSSKiller and new Mbam in next reply.
 
In case you need it, this is what showed up when I went into cmd and pasted the commands:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\ngan>
C:\Users\ngan>Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\C
urrentVersion\Policies\System /v DisableTaskMgr
Delete the registry value DisableTaskMgr (Yes/No)? ERROR: Access is denied.

C:\Users\ngan>Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\C
urrentVersion\Policies\Explorer /v NoDesktop[/b]
Delete the registry value NoDesktop[/b] (Yes/No)? ERROR: Access is denied.

C:\Users\ngan>
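An added example, not code from this thread and not part of Unhide.exe, RKill, TDSSKiller or ComboFix: a PowerShell script that does by hand what the helper's steps above describe. It reads and removes the two HKCU policy values named above, lists processes running straight out of C:\ProgramData (the placement RKill reported for the two random-named executables), and clears the +H attribute the way Unhide.exe does. The "Access is denied" in the cmd output above is the usual result of running reg delete from a prompt that is not elevated: on Vista and later the HKCU ...\Policies keys grant write access only to Administrators and SYSTEM, so under UAC even an administrator's ordinary cmd window cannot delete the value. The script therefore assumes PowerShell 2.0 or later (on Vista it ships as a separate update) started with "Run as administrator"; the function names, the $Policies list and the ProgramData check are this example's own assumptions, not the helper's instructions.

```powershell
# Added example (not from the thread). Run from PowerShell started with "Run as administrator".
# Assumptions: PowerShell 2.0+; the policy values below are the two named in the thread;
# the rogue's executables sit directly in %ProgramData%, as the RKill log shows.

$Policies = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoDesktop' }
)

function Test-Elevated {
    # HKCU\...\Policies is writable only by Administrators and SYSTEM, so even an
    # administrator account gets "Access is denied" from a non-elevated prompt under UAC.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RoguePolicy {
    # Report which of the known policy values are present, and their current data.
    foreach ($p in $Policies) {
        if (-not (Test-Path $p.Key)) { continue }
        $item = Get-ItemProperty -Path $p.Key -Name $p.Value -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            New-Object PSObject -Property @{ Key = $p.Key; Value = $p.Value; Data = $item.($p.Value) }
        }
    }
}

function Remove-RoguePolicy {
    # Delete each present value; refuse to start if the prompt is not elevated.
    if (-not (Test-Elevated)) { throw 'Start PowerShell with "Run as administrator" first.' }
    foreach ($hit in Get-RoguePolicy) {
        Remove-ItemProperty -Path $hit.Key -Name $hit.Value -ErrorAction Stop
        Write-Output ("Removed {0}\{1} (was {2})" -f $hit.Key, $hit.Value, $hit.Data)
    }
}

function Get-RogueProcess {
    # Processes whose image sits directly in %ProgramData%, not in a vendor subfolder.
    # Legitimate software installs under ProgramData\<Vendor>; the rogue did not.
    $root = $env:ProgramData.TrimEnd('\')
    Get-Process | Where-Object {
        $_.Path -and ((Split-Path $_.Path -Parent).TrimEnd('\') -eq $root)
    } | Select-Object Id, ProcessName, Path
}

function Restore-HiddenFiles {
    param([string]$Root = $env:USERPROFILE, [switch]$WhatIf)
    # Clear the Hidden attribute the rogue sets on user files. Items that also carry the
    # System attribute or are reparse points (desktop.ini, NTUSER.DAT, the AppData
    # junctions) are legitimately hidden and are left alone. Nothing is deleted, so the
    # Temp folder the helper says to keep intact is untouched.
    $hidden = [IO.FileAttributes]::Hidden
    $skip   = [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReparsePoint
    $count  = 0
    foreach ($f in (Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue)) {
        $a = $f.Attributes
        if ((($a -band $hidden) -ne 0) -and (($a -band $skip) -eq 0)) {
            if ($WhatIf) { Write-Output ("Would unhide " + $f.FullName) }
            else         { $f.Attributes = $a -bxor $hidden }
            $count++
        }
    }
    return $count
}

# Usage: inspect first, then act.
Get-RoguePolicy  | Format-Table -AutoSize
Get-RogueProcess | Format-Table -AutoSize
Restore-HiddenFiles -WhatIf
# When the listings look right:
# Get-RogueProcess | Stop-Process -Force
# Remove-RoguePolicy
# Restore-HiddenFiles
```

At a plain cmd.exe prompt the equivalent of Remove-RoguePolicy is `reg delete <key> /v <value> /f` (the /f switch skips the Yes/No prompt that `Echo y |` answers), and it needs the same elevated prompt: right-click cmd> Run as administrator. Stopping the rogue processes before deleting the values matters for the same reason the helper gives for RKill: the running rogue re-creates the policy values, and a reboot restarts it from its autorun entry, so the inspection and cleanup belong in one session.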
 
TDSSKiller log

dang it, it says no infections found

14:18:45.0130 2012 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
14:18:45.0645 2012 ============================================================
14:18:45.0645 2012 Current date / time: 2012/01/24 14:18:45.0645
14:18:45.0645 2012 SystemInfo:
14:18:45.0645 2012
14:18:45.0645 2012 OS Version: 6.0.6002 ServicePack: 2.0
14:18:45.0645 2012 Product type: Workstation
14:18:45.0645 2012 ComputerName: HELEN-PC
14:18:45.0661 2012 UserName: ngan
14:18:45.0661 2012 Windows directory: C:\Windows
14:18:45.0661 2012 System windows directory: C:\Windows
14:18:45.0661 2012 Processor architecture: Intel x86
14:18:45.0661 2012 Number of processors: 1
14:18:45.0661 2012 Page size: 0x1000
14:18:45.0661 2012 Boot type: Safe boot with network
14:18:45.0661 2012 ============================================================
14:18:47.0408 2012 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:18:47.0439 2012 Initialize success
14:19:12.0633 0828 ============================================================
14:19:12.0633 0828 Scan started
14:19:12.0633 0828 Mode: Manual;
14:19:12.0633 0828 ============================================================
14:19:13.0319 0828 .netbt - ok
14:19:13.0460 0828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:19:13.0460 0828 ACPI - ok
14:19:13.0553 0828 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:19:13.0553 0828 adp94xx - ok
14:19:13.0663 0828 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:19:13.0678 0828 adpahci - ok
14:19:13.0756 0828 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:19:13.0772 0828 adpu160m - ok
14:19:13.0834 0828 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:19:13.0834 0828 adpu320 - ok
14:19:13.0975 0828 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:19:13.0990 0828 AFD - ok
14:19:14.0115 0828 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:19:14.0131 0828 AgereSoftModem - ok
14:19:14.0224 0828 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:19:14.0240 0828 agp440 - ok
14:19:14.0318 0828 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:19:14.0318 0828 aic78xx - ok
14:19:14.0365 0828 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:19:14.0365 0828 aliide - ok
14:19:14.0474 0828 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:19:14.0474 0828 amdagp - ok
14:19:14.0552 0828 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:19:14.0552 0828 amdide - ok
14:19:14.0614 0828 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:19:14.0614 0828 AmdK7 - ok
14:19:14.0723 0828 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:19:14.0723 0828 AmdK8 - ok
14:19:14.0833 0828 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:19:14.0833 0828 ApfiltrService - ok
14:19:14.0989 0828 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:19:14.0989 0828 arc - ok
14:19:15.0035 0828 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:19:15.0051 0828 arcsas - ok
14:19:15.0113 0828 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:19:15.0113 0828 AsyncMac - ok
14:19:15.0191 0828 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:19:15.0191 0828 atapi - ok
14:19:15.0269 0828 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
14:19:15.0316 0828 athr - ok
14:19:15.0457 0828 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
14:19:15.0457 0828 Avgfwfd - ok
14:19:15.0566 0828 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:19:15.0566 0828 Beep - ok
14:19:15.0675 0828 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:19:15.0675 0828 blbdrive - ok
14:19:15.0784 0828 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:19:15.0784 0828 bowser - ok
14:19:15.0878 0828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:19:15.0878 0828 BrFiltLo - ok
14:19:15.0940 0828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:19:15.0956 0828 BrFiltUp - ok
14:19:16.0034 0828 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:19:16.0049 0828 Brserid - ok
14:19:16.0081 0828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:19:16.0081 0828 BrSerWdm - ok
14:19:16.0190 0828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:19:16.0190 0828 BrUsbMdm - ok
14:19:16.0283 0828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:19:16.0283 0828 BrUsbSer - ok
14:19:16.0361 0828 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:19:16.0361 0828 BTHMODEM - ok
14:19:16.0471 0828 catchme - ok
14:19:16.0580 0828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:19:16.0580 0828 cdfs - ok
14:19:16.0642 0828 Cdr4_xp - ok
14:19:16.0736 0828 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:19:16.0783 0828 cdrom - ok
14:19:17.0126 0828 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:19:17.0141 0828 circlass - ok
14:19:17.0235 0828 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:19:17.0235 0828 CLFS - ok
14:19:17.0391 0828 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:19:17.0422 0828 CmBatt - ok
14:19:17.0453 0828 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:19:17.0453 0828 cmdide - ok
14:19:17.0500 0828 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:19:17.0516 0828 Compbatt - ok
14:19:17.0625 0828 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:19:17.0625 0828 crcdisk - ok
14:19:17.0687 0828 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:19:17.0687 0828 Crusoe - ok
14:19:17.0781 0828 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:19:17.0781 0828 DfsC - ok
14:19:17.0968 0828 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:19:17.0968 0828 disk - ok
14:19:18.0155 0828 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:19:18.0155 0828 drmkaud - ok
14:19:18.0218 0828 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:19:18.0233 0828 DXGKrnl - ok
14:19:18.0374 0828 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:19:18.0374 0828 E1G60 - ok
14:19:18.0483 0828 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:19:18.0483 0828 Ecache - ok
14:19:18.0592 0828 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:19:18.0608 0828 elxstor - ok
14:19:18.0748 0828 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:19:18.0748 0828 ErrDev - ok
14:19:18.0842 0828 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:19:18.0857 0828 exfat - ok
14:19:18.0951 0828 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:19:18.0967 0828 fastfat - ok
14:19:19.0029 0828 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:19:19.0029 0828 fdc - ok
14:19:19.0138 0828 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:19:19.0138 0828 FileInfo - ok
14:19:19.0185 0828 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:19:19.0185 0828 Filetrace - ok
14:19:19.0263 0828 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:19:19.0263 0828 flpydisk - ok
14:19:19.0357 0828 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:19:19.0372 0828 FltMgr - ok
14:19:19.0513 0828 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:19:19.0513 0828 Fs_Rec - ok
14:19:19.0591 0828 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:19:19.0591 0828 gagp30kx - ok
14:19:19.0747 0828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:19:19.0747 0828 GEARAspiWDM - ok
14:19:19.0871 0828 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:19:19.0887 0828 HdAudAddService - ok
14:19:19.0996 0828 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:19:20.0012 0828 HDAudBus - ok
14:19:20.0090 0828 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:19:20.0090 0828 HidBth - ok
14:19:20.0199 0828 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:19:20.0199 0828 HidIr - ok
14:19:20.0293 0828 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:19:20.0293 0828 HidUsb - ok
14:19:20.0355 0828 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:19:20.0355 0828 HpCISSs - ok
14:19:20.0480 0828 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:19:20.0480 0828 HTTP - ok
14:19:20.0573 0828 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:19:20.0573 0828 i2omp - ok
14:19:20.0667 0828 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:19:20.0683 0828 i8042prt - ok
14:19:20.0761 0828 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:19:20.0761 0828 iaStorV - ok
14:19:20.0963 0828 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:19:21.0010 0828 igfx - ok
14:19:21.0104 0828 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:19:21.0104 0828 iirsp - ok
14:19:21.0307 0828 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
14:19:21.0353 0828 IntcAzAudAddService - ok
14:19:21.0478 0828 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:19:21.0478 0828 intelide - ok
14:19:21.0509 0828 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:19:21.0509 0828 intelppm - ok
14:19:21.0572 0828 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:19:21.0572 0828 IpFilterDriver - ok
14:19:21.0619 0828 IpInIp - ok
14:19:21.0712 0828 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:19:21.0712 0828 IPMIDRV - ok
14:19:21.0759 0828 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:19:21.0759 0828 IPNAT - ok
14:19:21.0899 0828 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:19:21.0899 0828 IRENUM - ok
14:19:21.0946 0828 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:19:21.0946 0828 isapnp - ok
14:19:22.0009 0828 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:19:22.0009 0828 iScsiPrt - ok
14:19:22.0336 0828 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:19:22.0336 0828 iteatapi - ok
14:19:22.0445 0828 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:19:22.0445 0828 iteraid - ok
14:19:22.0523 0828 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
14:19:22.0523 0828 jswpslwf - ok
14:19:22.0570 0828 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:19:22.0570 0828 kbdclass - ok
14:19:22.0679 0828 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:19:22.0679 0828 kbdhid - ok
14:19:22.0757 0828 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
14:19:22.0773 0828 KR10I - ok
14:19:22.0851 0828 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
14:19:22.0851 0828 KR10N - ok
14:19:22.0960 0828 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:19:22.0976 0828 KSecDD - ok
14:19:23.0116 0828 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:19:23.0132 0828 lltdio - ok
14:19:23.0179 0828 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
14:19:23.0179 0828 LPCFilter - ok
14:19:23.0303 0828 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:19:23.0303 0828 LSI_FC - ok
14:19:23.0366 0828 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:19:23.0366 0828 LSI_SAS - ok
14:19:23.0428 0828 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:19:23.0444 0828 LSI_SCSI - ok
14:19:23.0522 0828 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:19:23.0522 0828 luafv - ok
14:19:23.0662 0828 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
14:19:23.0709 0828 LVcKap - ok
14:19:23.0943 0828 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
14:19:23.0990 0828 LVMVDrv - ok
14:19:24.0239 0828 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\Windows\system32\DRIVERS\lvpopflt.sys
14:19:24.0271 0828 lvpopflt - ok
14:19:24.0395 0828 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
14:19:24.0411 0828 LVPr2Mon - ok
14:19:24.0489 0828 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
14:19:24.0489 0828 LVUSBSta - ok
14:19:24.0723 0828 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\Windows\system32\DRIVERS\lvuvc.sys
14:19:24.0817 0828 LVUVC - ok
14:19:24.0988 0828 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:19:24.0988 0828 megasas - ok
14:19:25.0035 0828 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:19:25.0051 0828 MegaSR - ok
14:19:25.0175 0828 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:19:25.0175 0828 Modem - ok
14:19:25.0222 0828 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:19:25.0222 0828 monitor - ok
14:19:25.0300 0828 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:19:25.0300 0828 mouclass - ok
14:19:25.0378 0828 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:19:25.0378 0828 mouhid - ok
14:19:25.0441 0828 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:19:25.0441 0828 MountMgr - ok
14:19:25.0550 0828 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
14:19:25.0550 0828 MpFilter - ok
14:19:25.0612 0828 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:19:25.0612 0828 mpio - ok
14:19:25.0721 0828 MpKsl082712e8 - ok
14:19:25.0753 0828 MpKsl0fcf55b5 - ok
14:19:25.0784 0828 MpKsl266654e7 - ok
14:19:25.0893 0828 MpKsl274f4448 - ok
14:19:25.0909 0828 MpKsl29e05255 - ok
14:19:25.0924 0828 MpKsl566a92d8 - ok
14:19:25.0971 0828 MpKsl5df3622d - ok
14:19:25.0987 0828 MpKsl65e3cb49 - ok
14:19:25.0987 0828 MpKsl7748d916 - ok
14:19:26.0018 0828 MpKsl7eaab1d5 - ok
14:19:26.0033 0828 MpKslcfb3a591 - ok
14:19:26.0049 0828 MpKsld48eea5f - ok
14:19:26.0174 0828 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:19:26.0174 0828 MpNWMon - ok
14:19:26.0236 0828 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:19:26.0236 0828 mpsdrv - ok
14:19:26.0345 0828 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:19:26.0345 0828 Mraid35x - ok
14:19:26.0455 0828 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:19:26.0455 0828 MREMP50 - ok
14:19:26.0470 0828 MREMP50a64 - ok
14:19:26.0486 0828 MREMPR5 - ok
14:19:26.0486 0828 MRENDIS5 - ok
14:19:26.0548 0828 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:19:26.0548 0828 MRESP50 - ok
14:19:26.0564 0828 MRESP50a64 - ok
14:19:26.0673 0828 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:19:26.0673 0828 MRxDAV - ok
14:19:26.0735 0828 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:19:26.0735 0828 mrxsmb - ok
14:19:26.0860 0828 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:19:26.0860 0828 mrxsmb10 - ok
14:19:26.0923 0828 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:19:26.0923 0828 mrxsmb20 - ok
14:19:27.0047 0828 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
14:19:27.0047 0828 msahci - ok
14:19:27.0110 0828 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:19:27.0110 0828 msdsm - ok
14:19:27.0157 0828 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:19:27.0157 0828 Msfs - ok
14:19:27.0235 0828 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:19:27.0235 0828 msisadrv - ok
14:19:27.0531 0828 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:19:27.0531 0828 MSKSSRV - ok
14:19:27.0703 0828 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:19:27.0703 0828 MSPCLOCK - ok
14:19:27.0734 0828 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:19:27.0734 0828 MSPQM - ok
14:19:27.0781 0828 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:19:27.0781 0828 MsRPC - ok
14:19:27.0921 0828 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:19:27.0921 0828 mssmbios - ok
14:19:27.0952 0828 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:19:27.0952 0828 MSTEE - ok
14:19:27.0999 0828 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:19:27.0999 0828 Mup - ok
14:19:28.0139 0828 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:19:28.0139 0828 NativeWifiP - ok
14:19:28.0186 0828 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:19:28.0186 0828 NDIS - ok
14:19:28.0249 0828 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:19:28.0249 0828 NdisTapi - ok
14:19:28.0342 0828 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:19:28.0342 0828 Ndisuio - ok
14:19:28.0420 0828 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:19:28.0420 0828 NdisWan - ok
14:19:28.0514 0828 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:19:28.0514 0828 NDProxy - ok
14:19:28.0576 0828 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:19:28.0576 0828 NetBIOS - ok
14:19:28.0795 0828 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
14:19:28.0841 0828 NETw3v32 - ok
14:19:28.0966 0828 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:19:28.0982 0828 nfrd960 - ok
14:19:29.0029 0828 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:19:29.0029 0828 NisDrv - ok
14:19:29.0169 0828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:19:29.0169 0828 Npfs - ok
14:19:29.0216 0828 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:19:29.0216 0828 nsiproxy - ok
14:19:29.0387 0828 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:19:29.0403 0828 Ntfs - ok
14:19:29.0497 0828 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:19:29.0497 0828 ntrigdigi - ok
14:19:29.0543 0828 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:19:29.0543 0828 Null - ok
14:19:29.0575 0828 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:19:29.0575 0828 nvraid - ok
14:19:29.0606 0828 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:19:29.0606 0828 nvstor - ok
14:19:29.0731 0828 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:19:29.0731 0828 nv_agp - ok
14:19:29.0746 0828 NwlnkFlt - ok
14:19:29.0777 0828 NwlnkFwd - ok
14:19:29.0824 0828 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:19:29.0824 0828 ohci1394 - ok
14:19:30.0011 0828 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:19:30.0011 0828 Parport - ok
14:19:30.0058 0828 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:19:30.0074 0828 partmgr - ok
14:19:30.0199 0828 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:19:30.0199 0828 Parvdm - ok
14:19:30.0261 0828 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:19:30.0261 0828 pci - ok
14:19:30.0355 0828 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:19:30.0355 0828 pciide - ok
14:19:30.0448 0828 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
14:19:30.0464 0828 pcmcia - ok
14:19:30.0589 0828 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:19:30.0604 0828 PEAUTH - ok
14:19:30.0729 0828 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
14:19:30.0729 0828 pnarp - ok
14:19:30.0838 0828 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:19:30.0838 0828 PptpMiniport - ok
14:19:30.0932 0828 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:19:30.0932 0828 Processor - ok
14:19:31.0041 0828 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:19:31.0041 0828 PSched - ok
14:19:31.0135 0828 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
14:19:31.0135 0828 purendis - ok
14:19:31.0213 0828 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
14:19:31.0213 0828 PxHelp20 - ok
14:19:31.0337 0828 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:19:31.0384 0828 ql2300 - ok
14:19:31.0447 0828 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:19:31.0447 0828 ql40xx - ok
14:19:31.0571 0828 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:19:31.0571 0828 QWAVEdrv - ok
14:19:31.0634 0828 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:19:31.0634 0828 RasAcd - ok
14:19:31.0696 0828 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:19:31.0696 0828 Rasl2tp - ok
14:19:31.0837 0828 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:19:31.0837 0828 RasPppoe - ok
14:19:31.0899 0828 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:19:31.0899 0828 RasSstp - ok
14:19:31.0961 0828 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:19:31.0961 0828 rdbss - ok
14:19:32.0149 0828 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:19:32.0149 0828 RDPCDD - ok
14:19:32.0242 0828 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:19:32.0242 0828 rdpdr - ok
14:19:32.0305 0828 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:19:32.0305 0828 RDPENCDD - ok
14:19:32.0383 0828 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:19:32.0398 0828 RDPWD - ok
14:19:32.0492 0828 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:19:32.0492 0828 rspndr - ok
14:19:32.0929 0828 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:19:32.0929 0828 RTL8169 - ok
14:19:33.0194 0828 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:19:33.0209 0828 sbp2port - ok
14:19:33.0412 0828 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:19:33.0412 0828 sdbus - ok
14:19:33.0490 0828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:19:33.0490 0828 secdrv - ok
14:19:33.0615 0828 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:19:33.0615 0828 Serenum - ok
14:19:33.0693 0828 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:19:33.0693 0828 Serial - ok
14:19:33.0802 0828 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:19:33.0802 0828 sermouse - ok
14:19:33.0865 0828 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:19:33.0865 0828 sffdisk - ok
14:19:33.0943 0828 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:19:33.0943 0828 sffp_mmc - ok
14:19:34.0177 0828 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:19:34.0177 0828 sffp_sd - ok
14:19:34.0520 0828 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:19:34.0520 0828 sfloppy - ok
14:19:34.0879 0828 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:19:34.0879 0828 sisagp - ok
14:19:35.0035 0828 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:19:35.0081 0828 SiSRaid2 - ok
14:19:35.0128 0828 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:19:35.0128 0828 SiSRaid4 - ok
14:19:35.0269 0828 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:19:35.0269 0828 Smb - ok
14:19:35.0347 0828 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:19:35.0347 0828 spldr - ok
14:19:35.0627 0828 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:19:35.0643 0828 srv - ok
14:19:35.0924 0828 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:19:35.0924 0828 srv2 - ok
14:19:36.0439 0828 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:19:36.0454 0828 srvnet - ok
14:19:36.0719 0828 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:19:36.0719 0828 swenum - ok
14:19:36.0938 0828 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:19:36.0969 0828 Symc8xx - ok
14:19:37.0000 0828 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:19:37.0000 0828 Sym_hi - ok
14:19:37.0047 0828 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:19:37.0047 0828 Sym_u3 - ok
14:19:37.0328 0828 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
14:19:37.0328 0828 SynTP - ok
14:19:37.0593 0828 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
14:19:37.0609 0828 Tcpip - ok
14:19:38.0201 0828 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
14:19:38.0201 0828 Tcpip6 - ok
14:19:38.0576 0828 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
14:19:38.0576 0828 tcpipreg - ok
14:19:38.0685 0828 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:19:38.0685 0828 tdcmdpst - ok
14:19:38.0794 0828 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:19:38.0794 0828 TDPIPE - ok
14:19:38.0857 0828 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:19:38.0857 0828 TDTCP - ok
14:19:39.0044 0828 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:19:39.0044 0828 tdx - ok
14:19:39.0153 0828 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:19:39.0153 0828 TermDD - ok
14:19:39.0309 0828 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
14:19:39.0325 0828 tifm21 - ok
14:19:39.0543 0828 Tosrfcom - ok
14:19:39.0668 0828 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
14:19:39.0668 0828 tosrfec - ok
14:19:39.0839 0828 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
14:19:39.0839 0828 tos_sps32 - ok
14:19:39.0902 0828 TpChoice - ok
14:19:39.0995 0828 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:19:39.0995 0828 tssecsrv - ok
14:19:40.0042 0828 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:19:40.0042 0828 tunmp - ok
14:19:40.0105 0828 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:19:40.0120 0828 tunnel - ok
14:19:40.0307 0828 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:19:40.0323 0828 TVALZ - ok
14:19:40.0479 0828 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:19:40.0479 0828 uagp35 - ok
14:19:40.0557 0828 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:19:40.0573 0828 udfs - ok
14:19:40.0775 0828 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:19:40.0775 0828 uliagpkx - ok
14:19:40.0947 0828 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:19:40.0947 0828 uliahci - ok
14:19:41.0025 0828 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:19:41.0025 0828 UlSata - ok
14:19:41.0181 0828 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:19:41.0181 0828 ulsata2 - ok
14:19:41.0306 0828 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:19:41.0306 0828 umbus - ok
14:19:41.0415 0828 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:19:41.0415 0828 USBAAPL - ok
14:19:41.0540 0828 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
14:19:41.0571 0828 usbaudio - ok
14:19:41.0680 0828 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:19:41.0696 0828 usbccgp - ok
14:19:41.0774 0828 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:19:41.0774 0828 usbcir - ok
14:19:41.0899 0828 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:19:41.0899 0828 usbehci - ok
14:19:41.0945 0828 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:19:41.0961 0828 usbhub - ok
14:19:42.0055 0828 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:19:42.0055 0828 usbohci - ok
14:19:42.0133 0828 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:19:42.0133 0828 usbprint - ok
14:19:42.0242 0828 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:19:42.0242 0828 usbscan - ok
14:19:42.0351 0828 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:19:42.0351 0828 USBSTOR - ok
14:19:42.0413 0828 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:19:42.0413 0828 usbuhci - ok
14:19:42.0523 0828 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:19:42.0523 0828 usbvideo - ok
14:19:42.0647 0828 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:19:42.0647 0828 vga - ok
14:19:42.0710 0828 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:19:42.0710 0828 VgaSave - ok
14:19:42.0741 0828 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:19:42.0741 0828 viaagp - ok
14:19:42.0866 0828 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:19:42.0866 0828 ViaC7 - ok
14:19:42.0928 0828 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:19:42.0928 0828 viaide - ok
14:19:43.0022 0828 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:19:43.0022 0828 volmgr - ok
14:19:43.0115 0828 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:19:43.0131 0828 volmgrx - ok
14:19:43.0162 0828 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:19:43.0178 0828 volsnap - ok
14:19:43.0599 0828 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:19:43.0599 0828 vsmraid - ok
14:19:43.0771 0828 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:19:43.0771 0828 WacomPen - ok
14:19:43.0833 0828 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:19:43.0833 0828 Wanarp - ok
14:19:43.0849 0828 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:19:43.0849 0828 Wanarpv6 - ok
14:19:43.0911 0828 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:19:43.0911 0828 Wd - ok
14:19:44.0036 0828 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
14:19:44.0036 0828 WDC_SAM - ok
14:19:44.0129 0828 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:19:44.0145 0828 Wdf01000 - ok
14:19:44.0285 0828 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:19:44.0285 0828 WmiAcpi - ok
14:19:44.0426 0828 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:19:44.0426 0828 WpdUsb - ok
14:19:44.0519 0828 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:19:44.0519 0828 ws2ifsl - ok
14:19:44.0644 0828 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:19:44.0660 0828 WUDFRd - ok
14:19:44.0707 0828 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:19:44.0785 0828 \Device\Harddisk0\DR0 - ok
14:19:44.0800 0828 Boot (0x1200) (bcaf97a13b1d31bc3778ca91dc7dfa31) \Device\Harddisk0\DR0\Partition0
14:19:44.0800 0828 \Device\Harddisk0\DR0\Partition0 - ok
14:19:44.0816 0828 ============================================================
14:19:44.0816 0828 Scan finished
14:19:44.0816 0828 ============================================================
14:19:44.0831 1640 Detected object count: 0
14:19:44.0831 1640 Actual detected object count: 0
 
Malwarebytes log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19170
ngan :: HELEN-PC [administrator]

1/24/2012 2:25:08 PM
mbam-log-2012-01-24 (14-25-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 340227
Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LQWxKGCKoVDdhWT.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\LQWxKGCKoVDdhWT.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\LQWxKGCKoVDdhWT.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\Bp26Blb39DVrGH.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\ngan\AppData\Local\Temp\0ieGm8AZ7E11Y6.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)
 
After scanning with Malwarebytes and removing the infected files, I rebooted into Normal Mode, but the System Check icon is still on my desktop. Does that mean the virus is still there? Just a reminder that ComboFix still isn't able to run in Normal or Safe Mode.
 
Do you have the Task Manager and Desktop back? If Unhide restored them, the commands aren't going to apply.

Let's try running the following since Combofix isn't working:
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
  • The opened console will resemble this: [screenshot of the OTL console]
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below, then paste them in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL.txt log

OTL logfile created on: 1/25/2012 10:51:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ngan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.62% Memory free
4.22 Gb Paging File | 3.20 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 53.20 Gb Free Space | 48.22% Space Free | Partition Type: NTFS

Computer Name: HELEN-PC | User Name: ngan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ngan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Dell AIO Printer A920\DLBKbmgr.exe (Dell)
PRC - C:\Program Files\Dell AIO Printer A920\DLBKbmon.exe (Dell)
PRC - C:\Windows\System32\dlbkcoms.exe ( )
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll ()
MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (dlbk_device) -- C:\Windows\System32\dlbkcoms.exe ( )
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam Communicate Deluxe(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z134&install_date=20111112
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z134&install_date=20111112"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {D7B3796E-B384-4685-AE12-F8EC49B8B3DE}:1.9.1
FF - prefs.js..extensions.enabledItems: avg@toolbar:8.0.0.34.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ce5d87e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ngan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/10 14:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/10 14:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/18 22:35:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/08 23:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 13:22:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE}: C:\Users\ngan\AppData\Local\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE} [2011/06/13 21:33:11 | 000,000,000 | ---D | M]

[2008/08/03 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Extensions
[2012/01/11 13:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions
[2012/01/11 13:57:09 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/09/28 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH
[2010/04/27 15:13:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 19:28:27 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
[2009/01/12 15:01:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\moveplayer@movenetworks.com
[2011/11/11 19:28:58 | 000,001,945 | ---- | M] () -- C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\searchplugins\bing-zugo.xml
[2011/11/30 19:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/18 22:35:07 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2011/06/13 21:33:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\NGAN\APPDATA\LOCAL\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE}
[2012/01/08 23:50:02 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/18 22:34:17 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/08 23:49:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/01/08 23:49:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ngan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Entanglement = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: DivX HiQ = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: AVG Safe Search = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: Poppit = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dlbkbmgr.exe] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" File not found
O4 - HKCU..\Run: [Spotify] C:\Users\ngan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F334C34-DA0E-4CC7-9B30-DD2FF09902A1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ngan\Pictures\desktopbackground\geminitowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\ngan\Pictures\desktopbackground\geminitowers.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 22:48:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ngan\Desktop\OTL.exe
[2012/01/24 17:42:57 | 000,000,000 | --SD | C] -- C:\myapp
[2012/01/23 00:48:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/23 00:48:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/23 00:48:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/23 00:48:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/23 00:44:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\AVG2012
[2012/01/22 00:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/01/22 00:16:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/22 00:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/22 00:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/22 00:15:40 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\TestApp
[2012/01/21 20:49:47 | 000,100,864 | ---- | C] (GMER) -- C:\awtoipow.sys
[2012/01/18 22:34:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\cache
[2012/01/07 15:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2012/01/05 15:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/05 15:56:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/05 15:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/01/05 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/05 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\AVG
[2010/03/06 16:23:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2010/03/06 16:23:24 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2010/03/06 16:23:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2010/03/06 16:23:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2010/03/06 16:23:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2010/03/06 16:23:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2010/03/06 16:23:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBKhcp.dll
[2010/03/06 16:23:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2010/03/06 16:23:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2010/03/06 16:23:23 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
[2010/03/06 16:23:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2010/03/06 16:23:23 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2010/03/06 16:23:23 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2010/03/06 16:23:23 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2010/03/06 16:23:23 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2010/03/06 16:22:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 22:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ngan\Desktop\OTL.exe
[2012/01/25 22:43:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 22:43:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 21:45:25 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 21:45:25 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 14:39:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 14:16:41 | 000,000,842 | ---- | M] () -- C:\Users\ngan\Desktop\iExplore - Shortcut.lnk
[2012/01/24 01:40:42 | 000,000,680 | ---- | M] () -- C:\Users\ngan\AppData\Local\d3d9caps.dat
[2012/01/22 23:05:32 | 000,684,297 | ---- | M] () -- C:\Users\ngan\Desktop\unhide.exe
[2012/01/22 00:20:43 | 002,266,381 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/21 20:49:47 | 000,100,864 | ---- | M] (GMER) -- C:\awtoipow.sys
[2012/01/21 19:07:08 | 000,130,716 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/21 14:18:30 | 000,000,272 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGH
[2012/01/21 14:18:30 | 000,000,168 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGHr
[2012/01/21 00:35:11 | 000,000,440 | ---- | M] () -- C:\ProgramData\Bp26Blb39DVrGH
[2012/01/18 15:48:16 | 000,621,032 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
[2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\ProgramData\075x22s613657qe7ud702ut
[2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/11 13:55:32 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/11 13:55:31 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 21:29:06 | 000,145,920 | ---- | M] () -- C:\Users\ngan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 14:16:41 | 000,000,842 | ---- | C] () -- C:\Users\ngan\Desktop\iExplore - Shortcut.lnk
[2012/01/23 00:48:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/23 00:48:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/23 00:48:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/23 00:48:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/23 00:48:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/22 23:04:39 | 000,684,297 | ---- | C] () -- C:\Users\ngan\Desktop\unhide.exe
[2012/01/22 00:17:32 | 002,266,381 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/21 14:18:30 | 000,000,168 | ---- | C] () -- C:\ProgramData\~Bp26Blb39DVrGHr
[2012/01/21 14:18:29 | 000,000,272 | ---- | C] () -- C:\ProgramData\~Bp26Blb39DVrGH
[2012/01/21 00:31:43 | 000,000,440 | ---- | C] () -- C:\ProgramData\Bp26Blb39DVrGH
[2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
[2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\ProgramData\075x22s613657qe7ud702ut
[2011/06/13 21:33:12 | 000,000,120 | ---- | C] () -- C:\Users\ngan\AppData\Local\Aqovaripec.dat
[2011/06/13 21:33:12 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Local\Fbilesicog.bin
[2011/06/13 21:32:55 | 000,000,004 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\mlog
[2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247
[2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\ProgramData\m32esmfe7c4o462rx2yg3t247
[2011/04/09 17:50:40 | 000,000,680 | ---- | C] () -- C:\Users\ngan\AppData\Local\d3d9caps.dat
[2010/12/16 15:00:13 | 000,000,020 | ---- | C] () -- C:\Windows\System32\AVGRSSTX.DLL
[2010/09/21 20:36:45 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/21 20:36:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/28 18:13:43 | 000,000,760 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\setup_ldm.iss
[2010/04/17 16:15:31 | 000,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini
[2010/03/06 16:26:34 | 000,000,444 | ---- | C] () -- C:\Windows\dellstat.ini
[2010/03/06 16:23:24 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2010/03/06 16:23:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2010/03/06 16:23:24 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBKinst.dll
[2010/03/06 16:23:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbkinsb.dll
[2010/03/06 16:23:23 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2010/03/06 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2010/03/06 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[2010/03/06 16:22:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2010/03/06 16:22:55 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2010/03/06 16:22:54 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/30 12:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 12:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/21 21:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\CastleMalloy.INI
[2008/11/16 12:55:05 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\wklnhst.dat
[2008/11/03 21:03:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/21 09:10:45 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/08/06 09:00:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/03 13:54:33 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/08/03 10:20:53 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
[2008/08/03 10:20:48 | 000,000,638 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/08/02 11:31:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/22 19:53:16 | 000,145,920 | ---- | C] () -- C:\Users\ngan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/20 17:41:19 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/07/20 17:41:19 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 11:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 11:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 11:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 11:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 11:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 11:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 11:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 11:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 11:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 18:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 18:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 18:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 18:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 18:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 18:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 17:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/10/11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/09/13 14:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 14:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 14:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 14:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,370,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/12/28 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Amazon
[2012/01/05 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG
[2011/10/17 14:46:54 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG10
[2012/01/22 23:38:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG2012
[2010/06/29 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Facebook
[2011/11/11 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\FreeTorrentDownloader
[2010/12/10 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Local
[2011/12/01 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Smart PDF Creator
[2012/01/25 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Spotify
[2008/11/16 12:55:09 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Template
[2012/01/22 00:15:40 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\TestApp
[2012/01/24 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\TOSHIBA
[2008/07/20 21:35:56 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Ulead Systems
[2008/08/03 08:10:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\WinBatch
[2012/01/25 01:01:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB56859$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
 
Extras.txt log

OTL Extras logfile created on: 1/25/2012 10:51:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ngan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.62% Memory free
4.22 Gb Paging File | 3.20 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 53.20 Gb Free Space | 48.22% Space Free | Partition Type: NTFS

Computer Name: HELEN-PC | User Name: ngan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{398B1DC2-C042-46AC-8A67-1B4574303AF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A56279F2-3031-4267-86D2-B56D52EC7177}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC1BB86-E0AD-465C-B45D-35E0F8E4A868}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{14AE7395-C9F0-4304-9FE2-7579F17B4E95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{174C72AC-9C9F-4CC1-86CB-706D845C6DF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C0902E2-17EF-4102-BF7F-0B7281335E37}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{258DB9D0-7835-4746-A6DF-03B972EE5508}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B4832A2-0434-4F97-B5E8-3DCBD50325D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{371DC240-8433-44C9-B014-F0531C2307A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3DC0C587-9DA3-451C-9F87-1EE97AADEA20}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{401F93C5-F93E-41DD-A834-844CF0EFA04C}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{43E81AC1-3EF9-477E-AA87-91CB7E128D20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AD7ED50-5937-4C2C-9F9C-2C38C74D2446}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbkpswx.exe |
"{5A59C134-059D-4683-888B-DE478966B7D5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{6842464A-6399-4481-B2FE-E147B672E6CD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbkpswx.exe |
"{69FA89BF-8671-4258-9073-FEBB0AB579BA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{6AF5BE6B-1DDB-4EC0-AA32-5831B7BD2BF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{6ED71597-596A-41A4-B5CB-FA0148D61D57}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{7E175359-5DD2-4F54-B412-8FF3E6ABA42C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{83B5BEC5-C059-4FA5-84FE-D3D7FA71DFFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DA175B7-BBDA-426A-8255-98FE64DF5D73}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B1D88B60-F8DD-4414-B3F7-CF3475DC148D}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{B5285455-5AE9-4CF4-A5BF-38EACF168374}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{B83C56B7-380F-4D78-948D-FB2FE23BCB34}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BA82EA2F-9EAD-4287-84C2-52B74346241E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C2661AF4-7818-4BD6-85B3-0E05A9972D82}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{D0347EA0-C320-448D-8733-08069253B32D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DB58E51C-310D-4AE6-B8BB-3D7291EA0312}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E70A27E7-3096-4C97-8B6F-8F09143622CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F98A348A-8855-4B8D-B11C-3E249C21C51A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FD4A682D-0163-40A6-A964-A6BF3048D706}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"TCP Query User{0EF4B91D-0F5F-46F5-9D94-76C3E1DC696E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{33CB5FB4-802C-4D28-8685-F5C60DC503C4}C:\users\ngan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ngan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{3E502BCF-A0C3-4DCE-9193-0B17EFAEDF2A}E:\techwizard.exe" = protocol=6 | dir=in | app=e:\techwizard.exe |
"TCP Query User{76DAF091-BEEB-410D-9E02-A19F06D39698}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C31ED26C-F95D-4E26-BBF8-1EADFB85D9BF}C:\program files\freetorrentdownloader\freetorrentdownloader.exe" = protocol=6 | dir=in | app=c:\program files\freetorrentdownloader\freetorrentdownloader.exe |
"UDP Query User{1093D98D-54D2-4693-9120-B544F7C115A9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{209302F2-CD3C-4BB2-B43E-ECCCE2415E2D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AB8E1920-4504-4D8B-85CA-645241823A9E}E:\techwizard.exe" = protocol=17 | dir=in | app=e:\techwizard.exe |
"UDP Query User{C8E2014F-D49E-439C-86A1-A9CF9EFB8200}C:\users\ngan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ngan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DA279425-05F5-4B48-A17C-BC4180AA04E7}C:\program files\freetorrentdownloader\freetorrentdownloader.exe" = protocol=17 | dir=in | app=c:\program files\freetorrentdownloader\freetorrentdownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}" = Vz In Home Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"bflixtoolbar" = BFlix Toolbar
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"Dell AIO Printer A920" = Dell AIO Printer A920
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32931390

Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32931390

Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32932388

Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32932388

Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32933418

Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32933418

Error - 9/18/2010 6:02:36 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 11/15/2008 4:08:43 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/30/2009 2:39:57 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/30/2009 12:06:47 AM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/20/2009 11:17:57 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/25/2012 5:01:10 AM | Computer Name = Helen-PC | Source = DCOM | ID = 10010
Description =

Error - 1/25/2012 5:43:25 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/25/2012 5:53:07 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.

Error - 1/25/2012 9:55:31 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.

Error - 1/26/2012 2:53:50 AM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80096001 Error description: A system-level error occurred while verifying
trust.


< End of report >
 
Okay, I have a script set up to run in OTL, but there are errors indicating there might be an activation problem. Let's check that out first, as there are an exceptional number of entries to remove:

Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool is to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 
The Resolve Button did not show up, so this is just the MGA Diagnostics. I took out the Product Key and Product ID:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012

Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=

Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {589CE5F3-BCE1-45A9-BA30-D330CDF1CC28}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.111025-0338
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{589CE5F3-BCE1-45A9-BA30-D330CDF1CC28}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-2397746768-2885083860-4240868168</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A205</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.20</Version><SMBIOSVersion major="2" minor="4"/><Date>20080310000000.000000+000</Date></BIOS><HWID>A6323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B90A82CB9436500</Val><Hash>QkyZNrhgPP7BeMX/VkVt7x/e8Zg=</Hash><Pid>73931-640-1545006-57628</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500237-02-1033-6001.0000-2022008
Installation ID: 021031851315911800272176831322876354573851108312068914
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: RJ34F
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OAAAAAEABAABAAIAAQABAAAAAwABAAEAJJQcldS/cscoSwYMRoOuZdYA4N/y9OZJBPO20KxWsg0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP TOSCPL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
TCPA Intel CRESTLNE
TMOR PTLTD
SLIC TOSCPL TOSCPL00
OSFR TOSHIB A+2nd ID
APIC INTEL CRESTLNE
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
 
Lots to copy here- be sure you get it all:
OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
    Code:
    :OTL
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    [2008/08/03 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Extensions
    [2012/01/11 13:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions
    [2012/01/11 13:57:09 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/09/28 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH
    [2011/11/11 19:28:27 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
    [2011/11/11 19:28:58 | 000,001,945 | ---- | M] () -- C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\sea rchplugins\bing-zugo.xml
    [2012/01/08 23:49:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    [2012/01/21 14:18:30 | 000,000,272 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGH
    [2012/01/21 14:18:30 | 000,000,168 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGHr
    [2012/01/21 00:35:11 | 000,000,440 | ---- | M] () -- C:\ProgramData\Bp26Blb39DVrGH
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\ProgramData\075x22s613657qe7ud702ut
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\ProgramData\075x22s613657qe7ud702ut
    [2011/06/13 21:33:12 | 000,000,120 | ---- | C] () -- C:\Users\ngan\AppData\Local\Aqovaripec.dat
    [2011/06/13 21:33:12 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Local\Fbilesicog.bin
    [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247
    [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\ProgramData\m32esmfe7c4o462rx2yg3t247
    [2008/02/18 17:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
    [C:\Windows\$NtUninstallKB56859$] -> -> Unknown point type
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    helpfile [open] -- Reg Error: Key error.
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" =-
    "VistaSp2" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "bflixtoolbar" =-
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" =-
    "bflixtoolbar" =-
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder4.1" =-
    :Files
    :Commands
    [purity]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
==========================================
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
Please leave the new log for OTL in a new reply.
 
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Program Files\Freecorder\prxtbFre2.dll moved successfully.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
C:\Users\ngan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\ngan\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\ not found.
Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH\ not found.
Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
File C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\sea rchplugins\bing-zugo.xml not found.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
::1 localhost removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ deleted successfully.
C:\Program Files\bflixtoolbar\vmntemplateX.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
File C:\Program Files\bflixtoolbar\vmntemplateX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre2.dll not found.
C:\ProgramData\~Bp26Blb39DVrGH moved successfully.
C:\ProgramData\~Bp26Blb39DVrGHr moved successfully.
C:\ProgramData\Bp26Blb39DVrGH moved successfully.
C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut moved successfully.
C:\ProgramData\075x22s613657qe7ud702ut moved successfully.
File C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut not found.
File C:\ProgramData\075x22s613657qe7ud702ut not found.
C:\Users\ngan\AppData\Local\Aqovaripec.dat moved successfully.
C:\Users\ngan\AppData\Local\Fbilesicog.bin moved successfully.
C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 moved successfully.
C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247 moved successfully.
C:\ProgramData\m32esmfe7c4o462rx2yg3t247 moved successfully.
C:\Windows\fdbpinger.exe moved successfully.
Unable to remove Unknown point type C:\Windows\$NtUninstallKB56859$
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bflixtoolbar not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{63A6E9A9-A190-46D4-9430-2DB28654AFD8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bflixtoolbar not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"Freecorder Toolbar" | Freecorder Toolbar /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Freecorder4.1 not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: ngan
->Java cache emptied: 1469386 bytes

User: Public

Total Java Files Cleaned = 1.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.31.0 log created on 02022012_173937

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.
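As an added example for this thread (not OTL's own code and not from the helper's post), a small Python reconciler that parses the :OTL section of a fix script like the one above and the outcome lines OTL writes after Run Fix, flags Hidden+System files with random extension-less names (the data files the fix targets under ProgramData and AppData\Local), and reports any script line that matches no known entry form. The function names are assumptions, and the sample script and log lines are constructed from a subset of this thread's script and log.

```python
import re

# Outcome phrases OTL writes in its log after "Run Fix"; first match wins.
RESULT_PATTERNS = [
    ("reboot", re.compile(r"scheduled to be deleted on reboot")),
    ("failed", re.compile(r"^Unable to ")),
    ("missing", re.compile(r" not found\.?$")),
    ("done", re.compile(r"(successfully[.!]?|removed from extensions\.enabledItems)$")),
]
# Script entry "[date | size | attrs | C/M] (name) -- path", the form OTL lists files in.
FILE_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r" \((?P<name>[^)]*)\) -- (?P<path>.+)$")
# Other :OTL entry kinds the thread's script uses, keyed by line prefix.
PREFIXES = {"O2 - BHO:": "bho", "O3 - HK": "toolbar", "O1 - Hosts:": "hosts",
            "FF - prefs.js": "prefs", "IE - HKLM": "urlhook", "@Alternate Data Stream": "ads"}


def parse_script(text):
    """Split the :OTL section into recognised entries and lines nothing matched."""
    entries, unrecognised, in_otl = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):            # section headers: :OTL :Reg :Files :Commands
            in_otl = line.upper() == ":OTL"
        elif in_otl and line:
            m = FILE_ENTRY.match(line)
            kind = next((k for p, k in PREFIXES.items() if line.startswith(p)), None)
            if m:
                entries.append({"kind": "file", **m.groupdict()})
            elif kind:
                entries.append({"kind": kind, "attrs": "", "name": "", "path": line})
            else:                           # e.g. an entry that lost its leading "["
                unrecognised.append(line)
    return entries, unrecognised


def hidden_system_datafiles(entries):
    """Hidden+System files with extension-less random names, the rogue's data-file pattern."""
    return [e["path"] for e in entries
            if e["kind"] == "file" and {"H", "S"} <= set(e["attrs"])
            and re.fullmatch(r"[0-9a-z]{16,}", e["path"].rsplit("\\", 1)[-1])]


def summarize_log(text):
    """Group OTL outcome lines by result so failures and reboot-deferred items stand out."""
    groups = {label: [] for label, _ in RESULT_PATTERNS}
    for line in (l.strip() for l in text.splitlines()):
        label = next((lab for lab, pat in RESULT_PATTERNS if pat.search(line)), None)
        if label:
            groups[label].append(line)
    return groups


# Constructed samples: a subset of the thread's fix script and of the log it produced.
SAMPLE_SCRIPT = r""":OTL
O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
[2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\ProgramData\075x22s613657qe7ud702ut
2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2008/02/18 17:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
"""
SAMPLE_LOG = r"""C:\Program Files\bflixtoolbar\vmntemplateX.dll moved successfully.
C:\ProgramData\075x22s613657qe7ud702ut moved successfully.
File C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut not found.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
"""
```

Run `parse_script` on the full posted script and `summarize_log` on the full posted log to see which requested removals happened, which targets were already gone, and which need a second pass after the reboot.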
 