Solved Slow laptop because of virus(es)

[NoobOfLameness]

I'm not exactly sure all the information I should include but...

I have a Toshiba Satellite T115-S1100 running Windows 7 Home Premium 32-bit. Installed on laptop are AVG Anti-Virus Free Edition 2012, avast! Free Antivirus, and Symantec Endpoint Protection Small Business Edition. Initially, I did not know the potentially harmful effects of having all of these at once. I know now that I should only have one of these, after attempting to search for solutions to my problem. After much searching, I realized that many of the possible solutions did not match my exact situation. There were a few valuable pieces of advice that were bought to my attention. I knew that I should not delete any programs, and that the posted solutions were often meant for only the posters.

Both AVG and Symantec had been on my laptop for quite a while now, at least for one year. On July 22, 2012, I installed avast! onto my computer. For almost a week, there had been no problems brought to my attention. But Friday, July 27, 2012 was when the problems began, and continue today. I do not know what I did to cause these problems on my laptop, but they are here now. As a brief side note, AVG did not have similar notifications, or any for that matter.

Every time I start up my laptop, a window labeled "Symantec AntiVirus Detection Results" pops up, listing numerous risks that it has found. There are hundreds and possibly thousands of these risks listed. Each entry is nearly the same except for the file name and the date and time they were quarantined. The file names are trz****.tmp, where **** represents a combination of letters and numbers. It tells me that the risk is "Trojan.Gen", that each one is "quarantined" or "pending analysis" (although the vast majority are pending analysis), and that the risk type is "file", that the original location is C:\ProgramData\SYMANTEC\SRTSP\Quarantine\, along with several other pieces of information (computer, user, status, primary and secondary actions, and what it was logged by).

In addition to the window from Symantec, I get notifications from avast! telling me every few seconds that a dropper has been blocked. These notifications say that avast! File System Shield has blocked a threat and that no further action is required. The object is C:\PROGRA~2\SYMANTEC\SRTSP\Quarantine\APQ****.tmp, where **** represents a combination of numbers and letters. The infection is MSIL: Dropper-RS [Drp]. The action is not specified, and the process is C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe.

I have scanned my laptop a couple times from the time I first received the notifications with Malwarebytes Anti-Malware and avast!. Both were updated, and both found risks, but not even close to the number of risks that had been detected.

Ever since I began to receive these notifications, my laptop has slowed drastically. Documents, files, etc. take much longer to open than they normally would. Internet connection, too, has been spotty and slow, with some pages, including YouTube videos, unable to be displayed. The CPU runs at 100% constantly. Full systems scans that would usually take around two hours now take over eight hours.

I apologize for the length of this initial post, but I wanted to be sure that I included as much information as I could. I will appreciate all help that I receive.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

You must uninstall TWO of your AV programs to start with.
If AVG is one of them use AVG Remover: http://www.avg.com/us-en/utilities
If Norton is another one to remove use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

When done...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[NoobOfLameness]

I have successfully uninstalled AVG from my laptop. However, I cannot uninstall Symantec. I open the Norton Removal Tool, and it tells me to remove Symantec through Add/Remove Programs before I can use it. But when I do this, Symantec is still on my laptop, and I cannot use the Norton Removal Tool.

 

[Broni]

That's fine. We'll remove Norton leftovers manually a bit later.
Go on....

 

[NoobOfLameness]

Alright. Here's the log from Malwarebytes.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]

8/6/2012 3:31:29 PM
mbam-log-2012-08-06 (15-31-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 190033
Time elapsed: 1 hour(s), 8 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[NoobOfLameness]

And the Gmer log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-06 17:31:56
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00
Running: el86hht2.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\kwtyqkob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9970C744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

[NoobOfLameness]

Uh oh...I just realized that I forgot to disconnect from the Internet when I ran GMER...Is that alright, or should I run it again?

 

[Broni]

You're OK.

 

[NoobOfLameness]

I don't know if this is relevant, but the notifications from both avast! and Symantec stopped showing new risk detections after I re-enabled them.

 

[Broni]

Go on...

 

[NoobOfLameness]

I disabled both avast! and Symantec to run GMER. After I re-enabled them, the notifications from avast! about droppers stopped popping up. As for those from Symantec, there weren't any new detections in the Symantec AntiVirus Detection Results window. It only had the ones it had already detected.

 

[NoobOfLameness]

From DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Michelle at 18:14:06 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.929 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-

ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-

96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program

files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files

\avg\avg2012\avgdtiex.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:

\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files

\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:

\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-

1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:

\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:

\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files

\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files

\avast software\avast\aswWebRepIE.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent

\cAudioFilterAgent.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station

\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [ConexantAudioPatch] %ProgramFiles%\ConexantAudioPatch\Audioreset.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office

\office12\GrooveMonitor.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component

\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-

65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-

E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-

F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-

87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-

96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{382F570D-DAFC-4E85-94E9-592DD3F664FF} : DhcpNameServer =

192.168.1.1
TCP: Interfaces\{382F570D-DAFC-4E85-94E9-592DD3F664FF}\2375942554036323 :

DhcpNameServer = 192.168.1.254
TCP: Interfaces\{382F570D-DAFC-4E85-94E9-592DD3F664FF}\34F435D4F435 :

DhcpNameServer = 192.168.1.1
TCP: Interfaces\{382F570D-DAFC-4E85-94E9-592DD3F664FF}\4656661657C647 :

DhcpNameServer = 192.168.0.1
TCP: Interfaces\{382F570D-DAFC-4E85-94E9-

592DD3F664FF}\B696070726169716275616F577966696 : DhcpNameServer = 172.20.107.10
TCP: Interfaces\{382F570D-DAFC-4E85-94E9-592DD3F664FF}\D4164747865677 :

DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program

files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows

live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:

\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my

toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles

\id2aom75.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9d9b4445-8834-

4989-b890-59dd78c30a39%7D&mid=04e20c54f79b47d1b4d3d16fd89b47d7-

2ad78f517ad8eaec4c9e5364c7525c36bf78fa83&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-

06-03%2020%3A59%3A03&sap=ku&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff11.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff12.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys

[2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows

\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-21 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-21 353688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys

[2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-21 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-21

57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast

\AvastSvc.exe [2012-7-21 44808]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree

\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree

\CFSvcs.exe [2009-3-10 46448]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec

\symantec endpoint protection\Rtvscan.exe [2009-4-22 1768376]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device

Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec

shared\eengine\EraserUtilRebootDrv.sys [2012-6-1 106656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows

\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller

(NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-

11-5 24064]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys

[2009-6-15 9216]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers

\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-

3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update

\GoogleUpdate.exe [2011-8-7 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows

\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows

\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family

safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update

\GoogleUpdate.exe [2011-8-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla

maintenance service\maintenanceservice.exe [2012-6-10 129976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers

\RtsUStor.sys [2009-11-5 171520]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
.
=============== Created Last 30 ================
.
2012-08-06 19:45:24 -------- d-----w- c:\users\michelle

\appdata\local\{BFCC8F26-1A65-4E47-9028-005DEA962E36}
2012-08-06 19:43:01 -------- d-----w- c:\users\michelle

\appdata\local\{6A30CF48-7E03-446A-9036-ADDF3FA2CB0D}
2012-08-06 07:37:34 -------- d-----w- c:\users\michelle

\appdata\local\{9CB4E815-E8D2-4BA3-8D96-141B77ED44CC}
2012-08-06 07:36:48 -------- d-----w- c:\users\michelle

\appdata\local\{C1094033-F728-493F-9BA2-C677B13ECF98}
2012-08-05 19:32:29 -------- d-----w- c:\users\michelle

\appdata\local\{86D364AD-C3B7-40D0-89BF-403335074F90}
2012-08-05 19:31:17 -------- d-----w- c:\users\michelle

\appdata\local\{8C6CFAC0-4F9B-4E39-A108-72608CADE4D1}
2012-08-04 23:10:07 -------- d-----w- c:\users\michelle

\appdata\local\{04AE7EEB-2DD0-4FE8-9CC0-837944E8D7B6}
2012-08-04 23:09:02 -------- d-----w- c:\users\michelle

\appdata\local\{DF4AB77E-B1C0-4785-8E0A-88E48862EB6A}
2012-08-04 06:46:26 -------- d-----w- c:\users\michelle

\appdata\local\{639F7353-176C-427A-863D-BEFC4DA1412A}
2012-08-04 06:45:41 -------- d-----w- c:\users\michelle

\appdata\local\{EA3191D3-CC56-4111-A45A-88DA696AD975}
2012-08-03 18:38:41 -------- d-----w- c:\users\michelle

\appdata\local\{CEB88A37-720B-46A0-B331-B7D5B70D824E}
2012-08-03 06:05:22 -------- d-----w- c:\users\michelle

\appdata\local\{FC3EAC80-C181-4D50-874A-E591562B24CA}
2012-08-03 06:03:09 -------- d-----w- c:\users\michelle

\appdata\local\{942E9982-FEC8-4D4D-A962-178EF1F40493}
2012-08-02 03:42:13 -------- d-----w- c:\users\michelle

\appdata\local\{B351B129-36CC-490B-9232-490B8D38764D}
2012-08-02 03:41:25 -------- d-----w- c:\users\michelle

\appdata\local\{03AFDB20-0078-48F4-AA74-208B313CAC61}
2012-08-01 05:59:30 -------- d-----w- c:\users\michelle

\appdata\local\{9C0BB5B5-1B58-4FE8-B760-3FE88463401E}
2012-08-01 05:59:09 -------- d-----w- c:\users\michelle

\appdata\local\{9885D7E0-76EB-4A3B-8232-F56FBD399476}
2012-07-31 17:57:22 -------- d-----w- c:\users\michelle

\appdata\local\{F4F384A6-D090-49B0-BE23-07D6546EE1F5}
2012-07-31 17:56:52 -------- d-----w- c:\users\michelle

\appdata\local\{8C62F073-1518-4077-A3C8-0D9DDC87B764}
2012-07-31 00:50:45 -------- d-----w- c:\users\michelle

\appdata\local\{8C41AB20-6846-4369-81F9-69482321D973}
2012-07-31 00:49:34 -------- d-----w- c:\users\michelle

\appdata\local\{859D9E42-5EDE-4CBC-B04E-0FD76B7F85C2}
2012-07-30 05:42:05 -------- d-----w- c:\users\michelle

\appdata\local\{388C799C-640B-4860-9E9B-A82C4580960D}
2012-07-30 05:40:42 -------- d-----w- c:\users\michelle

\appdata\local\{526A6071-315A-453C-BBA0-6B0AE19807FA}
2012-07-29 07:22:15 -------- d-----w- c:\users\michelle

\appdata\local\{BAA2A897-E757-47B9-9DC6-383B58782248}
2012-07-29 07:21:39 -------- d-----w- c:\users\michelle

\appdata\local\{059EF0F4-C748-4731-9A0E-4F86039B89CB}
2012-07-28 19:18:55 -------- d-----w- c:\users\michelle

\appdata\local\{34D76C7D-E67E-4AF1-BC9A-D4FA8E503CA2}
2012-07-28 19:18:11 -------- d-----w- c:\users\michelle

\appdata\local\{847848A5-3819-4D31-B2E8-DA75E31A2CE0}
2012-07-28 07:12:48 -------- d-----w- c:\users\michelle

\appdata\local\{0703F443-0CD7-449B-AEE3-2868069E7E44}
2012-07-28 07:11:28 -------- d-----w- c:\users\michelle

\appdata\local\{A1F56D3F-99FC-4D41-81C7-ADFA97EC02C9}
2012-07-27 19:10:24 -------- d-----w- c:\users\michelle

\appdata\local\{5947FB28-B665-4639-9F32-8EAD44844E41}
2012-07-27 19:09:10 -------- d-----w- c:\users\michelle

\appdata\local\{B902CA53-5CB6-45F8-BDC7-D70AC3A5409D}
2012-07-27 03:10:45 -------- d-----w- c:\users\michelle

\appdata\local\{E8BD7D64-AB72-4376-B553-E29FBC2B1DBD}
2012-07-27 03:09:06 -------- d-----w- c:\users\michelle

\appdata\local\{91C74592-B0AD-4147-9096-E8497E28F7D2}
2012-07-25 21:18:33 -------- d-----w- c:\users\michelle

\appdata\local\{0809194D-46FB-46FB-9A7A-05E9202F963B}
2012-07-25 21:18:13 -------- d-----w- c:\users\michelle

\appdata\local\{9E91A78F-4E94-4D59-8732-D7B9CA27642C}
2012-07-24 22:12:19 -------- d-----w- c:\users\michelle

\appdata\local\{453EEE2A-AFB5-41B7-A3C1-8B9BCDB2C883}
2012-07-24 22:12:07 -------- d-----w- c:\users\michelle

\appdata\local\{CD940024-20D9-42BF-9260-9D0DDD30AD1F}
2012-07-24 07:43:21 -------- d-----w- c:\users\michelle

\appdata\local\{49CE1462-17AC-4D0F-9A34-7EE0A49D82E5}
2012-07-24 07:42:45 -------- d-----w- c:\users\michelle

\appdata\local\{C51B86AE-61F5-4720-9C25-C222F923D2F1}
2012-07-23 19:41:55 -------- d-----w- c:\users\michelle

\appdata\local\{DBE68102-5781-4E99-A698-57CCD2478806}
2012-07-23 19:41:42 -------- d-----w- c:\users\michelle

\appdata\local\{840A63D8-873A-44C8-AA49-5F76986A91E5}
2012-07-23 00:11:44 -------- d-----w- c:\users\michelle

\appdata\local\{AA3FD721-B869-476C-9E6B-7BD80E1BDC18}
2012-07-23 00:11:17 -------- d-----w- c:\users\michelle

\appdata\local\{38535C0E-8C8E-447E-9A05-3369F40B6191}
2012-07-22 06:40:58 -------- d-----w- c:\users\michelle

\appdata\local\{72E9D56B-A573-49DF-BC19-20D0D84BBBA8}
2012-07-22 06:40:40 -------- d-----w- c:\users\michelle

\appdata\local\{F7076D82-4D9E-402B-B186-5E35509B9A16}
2012-07-22 02:27:03 44784 ----a-w- c:\windows\system32\drivers

\aswRdr2.sys
2012-07-22 02:27:02 721000 ----a-w- c:\windows\system32\drivers

\aswSnx.sys
2012-07-22 02:27:00 57656 ----a-w- c:\windows\system32\drivers

\aswMonFlt.sys
2012-07-22 02:26:03 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 02:25:10 -------- d-----w- c:\programdata\AVAST

Software
2012-07-22 02:25:10 -------- d-----w- c:\program files\AVAST

Software
2012-07-21 18:39:58 -------- d-----w- c:\users\michelle

\appdata\local\{CB031E4C-4170-476E-A911-346F179CB6D8}
2012-07-21 18:39:16 -------- d-----w- c:\users\michelle

\appdata\local\{AAD4DC4D-1F23-4C2E-B95D-6F307A0C6D28}
2012-07-21 02:51:13 -------- d-----w- c:\users\michelle

\appdata\local\{4A4F8604-E5DE-46BF-B255-DF5CFABA4D80}
2012-07-21 02:50:49 -------- d-----w- c:\users\michelle

\appdata\local\{5617A6F2-4C12-43A7-AE09-107A20BF523E}
2012-07-20 08:04:02 -------- d-----w- c:\users\michelle

\appdata\local\{B4517176-E5E8-4441-8B14-FC80192C2523}
2012-07-20 08:03:44 -------- d-----w- c:\users\michelle

\appdata\local\{E1933F6A-8C1A-4577-81B2-D7822D8BC0F5}
2012-07-19 20:03:05 -------- d-----w- c:\users\michelle

\appdata\local\{E1888377-8F89-4DCB-A888-B00866E7B84F}
2012-07-19 20:02:37 -------- d-----w- c:\users\michelle

\appdata\local\{F43A742B-98A7-4A8C-9DE6-E1AC4EB8319A}
2012-07-19 08:00:25 -------- d-----w- c:\users\michelle

\appdata\local\{A9EAD22B-107C-4381-B384-FC4F4BE90338}
2012-07-19 08:00:09 -------- d-----w- c:\users\michelle

\appdata\local\{3DAA90DE-503C-4D50-9744-11115790CE65}
2012-07-19 03:00:21 -------- d-----w- c:\users\michelle

\appdata\roaming\WhatPulse
2012-07-18 19:59:44 -------- d-----w- c:\users\michelle

\appdata\local\{FAADAF9C-D2DA-4C15-84FE-98E4F4A65521}
2012-07-18 19:59:28 -------- d-----w- c:\users\michelle

\appdata\local\{1B58A17F-8C2B-4B3E-9CF8-23B19CF65EE7}
2012-07-18 07:57:39 -------- d-----w- c:\users\michelle

\appdata\local\{C90E49CB-2D3D-4590-AF0E-F7318179384E}
2012-07-18 07:57:16 -------- d-----w- c:\users\michelle

\appdata\local\{E76BA09C-255B-4D26-803C-00E955A61236}
2012-07-17 19:56:28 -------- d-----w- c:\users\michelle

\appdata\local\{DEE03F90-807E-4E06-97BF-81F7A09C4273}
2012-07-17 19:56:07 -------- d-----w- c:\users\michelle

\appdata\local\{8C40757F-A875-4222-AD6C-9B500B927429}
2012-07-17 07:25:07 -------- d-----w- c:\users\michelle

\appdata\local\{8E9B4853-B401-4C81-8B82-0FAEC4D55A8A}
2012-07-17 07:24:49 -------- d-----w- c:\users\michelle

\appdata\local\{E92BE2FD-2765-4410-9A68-6D3A26B86398}
2012-07-16 19:24:08 -------- d-----w- c:\users\michelle

\appdata\local\{620E3E31-3B86-4422-B0E8-C99EB3B78409}
2012-07-16 19:23:51 -------- d-----w- c:\users\michelle

\appdata\local\{0A9B37B5-6857-4049-9028-36904CC31F1D}
2012-07-16 05:43:37 -------- d-----w- c:\users\michelle

\appdata\local\{9BE4EEE4-7583-4D06-881A-D5382AE72B19}
2012-07-16 05:43:22 -------- d-----w- c:\users\michelle

\appdata\local\{5EFDC351-DD2A-42B0-88B8-4E118FB36E89}
2012-07-15 17:42:39 -------- d-----w- c:\users\michelle

\appdata\local\{66DFD3A9-3A19-4CC5-8829-EBF585C76588}
2012-07-15 17:42:22 -------- d-----w- c:\users\michelle

\appdata\local\{B705973D-6B9D-4034-8351-E8C2C3E9C105}
2012-07-14 20:13:17 -------- d-----w- c:\users\michelle

\appdata\local\{396ECCD4-86A7-4B84-A94E-2203B8A65742}
2012-07-14 20:12:57 -------- d-----w- c:\users\michelle

\appdata\local\{AAF97903-AC73-4DE9-A230-4A58B3B4A029}
2012-07-14 07:56:46 -------- d-----w- c:\users\michelle

\appdata\local\{7E8FF4E9-2B91-465A-AE34-0EB9927313B7}
2012-07-14 07:56:23 -------- d-----w- c:\users\michelle

\appdata\local\{8457BD43-F5F2-4B36-8B98-8EF4A899E292}
2012-07-13 19:55:45 -------- d-----w- c:\users\michelle

\appdata\local\{3FD73982-B3B5-4711-8FB1-FCF2ADF5A53C}
2012-07-13 19:55:24 -------- d-----w- c:\users\michelle

\appdata\local\{CF1013AE-CBEA-4E53-8C4B-FA3BE1B31EB4}
2012-07-13 01:51:00 -------- d-----w- c:\users\michelle

\appdata\local\{6912EB00-0287-4209-BBF0-2680CF0B7C66}
2012-07-13 01:50:03 -------- d-----w- c:\users\michelle

\appdata\local\{AAFE17C0-80EA-4C80-82C1-0D47830C8B5E}
2012-07-12 07:52:57 -------- d-----w- c:\users\michelle

\appdata\local\{6052FFEE-48FB-4AC7-9070-19FA0E6B8979}
2012-07-11 19:52:02 -------- d-----w- c:\users\michelle

\appdata\local\{380C4034-D1D5-4FA8-9A7F-A0A445D4D661}
2012-07-11 19:51:39 -------- d-----w- c:\users\michelle

\appdata\local\{4676435E-3680-4AD1-96C9-9A321DFF8DAA}
2012-07-11 08:42:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:18:27 1019904 ----a-w- c:\program files\common files

\system\ado\msado15.dll
2012-07-11 04:18:26 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 04:18:25 352256 ----a-w- c:\program files\common files

\system\ado\msadomd.dll
2012-07-11 04:18:24 57344 ----a-w- c:\program files\common files

\system\ado\msador15.dll
2012-07-11 04:18:23 212992 ----a-w- c:\program files\common files

\system\msadc\msadco.dll
2012-07-11 04:18:23 143360 ----a-w- c:\program files\common files

\system\ado\msjro.dll
2012-07-11 04:18:22 372736 ----a-w- c:\program files\common files

\system\ado\msadox.dll
2012-07-11 04:16:01 369336 ----a-w- c:\windows\system32\drivers

\cng.sys
2012-07-11 04:16:01 134000 ----a-w- c:\windows\system32\drivers

\ksecpkg.sys
2012-07-11 04:16:00 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 04:15:59 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 04:15:57 67440 ----a-w- c:\windows\system32\drivers

\ksecdd.sys
2012-07-11 03:55:33 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:55:29 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 03:55:29 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 02:38:24 -------- d-----w- c:\users\michelle

\appdata\local\{CEAD9E63-1BB9-4C32-9084-B2984D82700D}
2012-07-11 02:38:02 -------- d-----w- c:\users\michelle

\appdata\local\{642E242D-07E8-432C-97E4-595AD7B23E20}
2012-07-09 20:47:47 -------- d-----w- c:\users\michelle

\appdata\local\{5012FF2A-4BEA-4D66-AD68-68F111559CD2}
2012-07-09 20:47:13 -------- d-----w- c:\users\michelle

\appdata\local\{949C5583-2BB4-4A28-BC35-7E5E3CE776E1}
2012-07-09 04:31:52 -------- d-----w- c:\users\michelle

\appdata\local\{BA64A909-A068-47FC-932E-2DC7371ABEB2}
2012-07-09 04:31:38 -------- d-----w- c:\users\michelle

\appdata\local\{56DDC57B-BDEC-430C-9961-64BFAB91D448}
.
==================== Find3M ====================
.
2012-08-06 20:32:17 123952 ----a-w- c:\windows\system32\drivers

\SYMEVENT.SYS
2012-08-03 08:32:37 426184 ----a-w- c:\windows

\system32\FlashPlayerApp.exe
2012-08-03 08:32:36 70344 ----a-w- c:\windows

\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers

\mbam.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:18:25.01 ===============

 

[NoobOfLameness]

From Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/27/2009 11:31:45 AM
System Uptime: 8/6/2012 2:00:51 PM (4 hours ago)
.
Motherboard: TOSHIBA | | Satellite T115
Processor: Intel(R) Celeron(R) CPU 743 @ 1.30GHz | U2E1 | 1296/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 176.656 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP286: 7/11/2012 1:38:45 AM - Windows Update
RP287: 7/21/2012 7:24:35 PM - avast! Free Antivirus Setup
RP288: 7/28/2012 11:21:41 PM - Removed Symantec Endpoint Protection Small

Business Edition.
RP289: 7/28/2012 11:40:15 PM - Removed Symantec Endpoint Protection Small

Business Edition.
RP290: 8/6/2012 1:19:30 PM - Removed Symantec Endpoint Protection Small Business

Edition.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
7Zip
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 14
Junk Mail filter update
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MyToshiba
NetZero Launcher
OGA Notifier 2.0.0048.0
Paint.NET v3.5.10
Pando Media Booster
PlayReady PC Runtime x86
Quickbooks Financial Center
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Launcher
Symantec Endpoint Protection Client
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit

Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 0.9.2
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 4:25:12 PM, Error: ACPI [13] - : The embedded controller (EC) did not

respond within the specified timeout period. This may indicate that there is an

error in the EC hardware or firmware or that the BIOS is accessing the EC

incorrectly. You should check with your computer manufacturer for an upgraded

BIOS. In some situations, this error may cause the computer to function

incorrectly.
8/6/2012 4:20:58 PM, Error: Server [2505] - The server could not bind to the

transport \Device\NetBT_Tcpip_{382F570D-DAFC-4E85-94E9-592DD3F664FF} because

another computer on the network has the same name. The server could not start.
8/6/2012 2:04:20 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

Symantec AntiVirus service.
8/6/2012 2:02:33 PM, Error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: AVGIDSHX
8/6/2012 2:02:15 PM, Error: Service Control Manager [7023] - The TuneUp Theme

Extension service terminated with the following error: The specified procedure

could not be found.
8/6/2012 12:19:05 PM, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the ConfigFree WiMAX Service

service to connect.
8/6/2012 12:18:35 PM, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the TPCH Service service to

connect.
8/6/2012 12:18:35 PM, Error: Service Control Manager [7000] - The TPCH Service

service failed to start due to the following error: The service did not respond

to the start or control request in a timely fashion.
8/6/2012 12:18:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got

error "1053" attempting to start the service TPCHSrv with arguments "" in order

to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}
8/5/2012 8:29:17 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

ShellHWDetection service.
8/5/2012 8:28:26 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

Audiosrv service.
8/5/2012 12:26:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service

'WMPNetworkSvc' did not start correctly because CoCreateInstance

(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost

service is running and that the UPnPHost component of Windows is installed

properly.
8/5/2012 12:21:09 PM, Error: Service Control Manager [7001] - The HomeGroup

Provider service depends on the Function Discovery Provider Host service which

failed to start because of the following error: After starting, the service hung

in a start-pending state.
8/5/2012 12:20:26 PM, Error: Service Control Manager [7022] - The Function

Discovery Provider Host service hung on starting.
8/4/2012 4:10:17 PM, Error: Service Control Manager [7022] - The Windows Update

service hung on starting.
8/3/2012 12:59:58 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

TuneUp.ProgramStatisticsSvc service.
8/2/2012 10:51:20 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

Wlansvc service.
8/1/2012 7:08:27 PM, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the ConfigFree Service service to

connect.
8/1/2012 7:08:27 PM, Error: Service Control Manager [7000] - The ConfigFree

Service service failed to start due to the following error: The service did not

respond to the start or control request in a timely fashion.
8/1/2012 7:07:07 PM, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
8/1/2012 12:00:55 AM, Error: Service Control Manager [7043] - The Windows Update

service did not shut down properly after receiving a preshutdown control.
8/1/2012 11:53:47 PM, Error: Service Control Manager [7011] - A timeout (30000

milliseconds) was reached while waiting for a transaction response from the

Netman service.
7/31/2012 10:52:25 AM, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the AVGIDSAgent service to

connect.
7/31/2012 10:52:25 AM, Error: Service Control Manager [7000] - The AVGIDSAgent

service failed to start due to the following error: The service did not respond

to the start or control request in a timely fashion.
7/30/2012 5:45:42 PM, Error: Service Control Manager [7009] - A timeout was

reached (30000 milliseconds) while waiting for the Google Update Service

(gupdate) service to connect.
7/30/2012 5:45:42 PM, Error: Service Control Manager [7000] - The Google Update

Service (gupdate) service failed to start due to the following error: The

service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

[Broni]

Please disable "word wrap" in Notepad as your logs are hard to read.

====================================================

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================================

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

====================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[NoobOfLameness]

The log from RogueKiller:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Michelle [Admin rights]
Mode: Scan -- Date: 08/06/2012 20:08:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82F25CA9 -> HOOKED (Unknown @ 0x86AC1A68)
SSDT[14] : NtAlertThread @ 0x82E78BC0 -> HOOKED (Unknown @ 0x86AB8388)
SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x82EBFF59 -> HOOKED (Unknown @ 0x86955138)
SSDT[74] : NtCreateMutant @ 0x82E5828E -> HOOKED (Unknown @ 0x87C64DE8)
SSDT[87] : NtCreateThread @ 0x82F23ED6 -> HOOKED (Unknown @ 0x868CBCA8)
SSDT[145] : NtImpersonateAnonymousToken @ 0x82E3D8BC -> HOOKED (Unknown @ 0x86AC1808)
SSDT[147] : NtImpersonateThread @ 0x82EC184C -> HOOKED (Unknown @ 0x86AC1540)
SSDT[168] : NtMapViewOfSection @ 0x82E8E512 -> HOOKED (Unknown @ 0x86A6C0C0)
SSDT[177] : NtOpenEvent @ 0x82E57C8A -> HOOKED (Unknown @ 0x87C4FAC8)
SSDT[191] : NtOpenProcessToken @ 0x82EAC21F -> HOOKED (Unknown @ 0x86A3AE80)
SSDT[199] : NtOpenThreadToken @ 0x82EC0534 -> HOOKED (Unknown @ 0x869E86E0)
SSDT[304] : NtResumeThread @ 0x82EB8572 -> HOOKED (Unknown @ 0x869528F8)
SSDT[316] : NtSetContextThread @ 0x82F25755 -> HOOKED (Unknown @ 0x86A902B8)
SSDT[333] : NtSetInformationProcess @ 0x82E8076D -> HOOKED (Unknown @ 0x86A6B778)
SSDT[335] : NtSetInformationThread @ 0x82EB1CD6 -> HOOKED (Unknown @ 0x86AD2B00)
SSDT[366] : NtSuspendProcess @ 0x82F25BE3 -> HOOKED (Unknown @ 0x86AC9480)
SSDT[367] : NtSuspendThread @ 0x82EDD085 -> HOOKED (Unknown @ 0x86AB8F28)
SSDT[371] : NtTerminateThread @ 0x82EC0584 -> HOOKED (Unknown @ 0x86AD2430)
SSDT[385] : NtUnmapViewOfSection @ 0x82EAC85A -> HOOKED (Unknown @ 0x86A6B5D0)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] 7f895f6d472fef44da344aa0d5144eff
[BSP] 290c22aaaab728af5823c5614cfadfce : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228847 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471752704 | Size: 8127 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

 

[NoobOfLameness]

From Rkill:

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/06/2012 08:21:24 PM in x86 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/06/2012 08:21:54 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

 

[NoobOfLameness]

The log from aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 20:25:22
-----------------------------
20:25:22.571 OS Version: Windows 6.1.7601 Service Pack 1
20:25:22.571 Number of processors: 1 586 0x170A
20:25:22.571 ComputerName: MICHELLE-PC UserName: Michelle
20:25:42.898 Initialize success
20:25:45.347 AVAST engine defs: 12080601
20:26:21.415 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:26:21.415 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
20:26:21.461 Disk 0 MBR read successfully
20:26:21.461 Disk 0 MBR scan
20:26:21.477 Disk 0 Windows VISTA default MBR code
20:26:21.477 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:26:21.493 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228847 MB offset 3074048
20:26:21.524 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8127 MB offset 471752704
20:26:21.571 Disk 0 scanning sectors +488396800
20:26:21.664 Disk 0 scanning C:\windows\system32\drivers
20:26:34.940 Service scanning
20:27:17.715 Service Teefer2 C:\windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
20:27:26.529 Service WPS C:\windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
20:27:26.935 Service WpsHelper C:\windows\system32\drivers\WpsHelper.sys **LOCKED** 32
20:27:28.604 Modules scanning
20:27:44.578 Disk 0 trace - called modules:
20:27:44.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
20:27:44.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864a9518]
20:27:44.641 3 CLASSPNP.SYS[88db359e] -> nt!IofCallDriver -> \Device\THPDRV1[0x84dc1768]
20:27:44.656 5 thpdrv.sys[88fcc99f] -> nt!IofCallDriver -> [0x856b0f08]
20:27:44.672 7 ACPI.sys[886ab3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x856eb028]
20:27:45.327 AVAST engine scan C:\windows
20:27:48.619 AVAST engine scan C:\windows\system32
20:32:33.148 AVAST engine scan C:\windows\system32\drivers
20:32:57.936 AVAST engine scan C:\Users\Michelle
20:42:35.293 AVAST engine scan C:\ProgramData
20:47:54.142 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ7A15.tmp **INFECTED** MSILropper-RS [Drp]
20:48:12.924 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQE0C5.tmp **INFECTED** MSILropper-RS [Drp]
20:48:15.420 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQE9BD.tmp **INFECTED** MSILropper-RS [Drp]
20:48:16.419 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQEC8A.tmp **INFECTED** MSILropper-RS [Drp]
20:50:21.391 Scan finished successfully
20:56:26.275 Disk 0 MBR has been saved successfully to "C:\Users\Michelle\Desktop\MBR.dat"
20:56:26.291 The log file has been saved successfully to "C:\Users\Michelle\Desktop\aswMBR.txt"

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[NoobOfLameness]

I have already uninstalled AVG, but when I tried to run ComboFix, it tells me that AVG is still active...

 

[Broni]

Ignore that warning.

 

[NoobOfLameness]

Alright. Here's the ComboFix log:

ComboFix 12-08-07.03 - Michelle 08/07/2012 17:07:34.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.1069 [GMT -7:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\id2aom75.default\searchplugins\bing-zugo.xml
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 00:22 . 2012-08-08 00:22 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2012-08-08 00:22 . 2012-08-08 00:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 02:27 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-22 02:27 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-22 02:27 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-22 02:27 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-22 02:27 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 02:27 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-22 02:26 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 02:26 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-22 02:25 . 2012-07-22 02:25 -------- d-----w- c:\programdata\AVAST Software
2012-07-22 02:25 . 2012-07-22 02:25 -------- d-----w- c:\program files\AVAST Software
2012-07-19 03:00 . 2012-07-19 03:07 -------- d-----w- c:\users\Michelle\AppData\Roaming\WhatPulse
2012-07-11 08:42 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:18 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 04:18 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 04:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 04:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 04:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 04:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 04:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 04:16 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 04:16 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 04:16 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 04:15 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 04:15 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:55 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:55 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 03:55 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 20:32 . 2010-09-25 16:12 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-08-03 08:32 . 2012-04-04 00:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 08:32 . 2011-05-25 01:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2011-07-10 22:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 23:37 . 2012-06-29 23:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-23 04:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-23 04:52 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 04:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 04:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 04:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 04:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 04:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 04:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-23 04:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-25 02:15 . 2012-05-25 02:15 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-06-10 19:04 . 2012-06-10 19:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-31 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ConexantAudioPatch"="c:\program files\ConexantAudioPatch\Audioreset.exe" [2009-09-02 214328]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswboot.exe /m:b4d05ac5e
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2009-02-12 20:02 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TUSBSleepChargeSrv]
2009-07-02 18:05 252288 ----a-w- c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-11 19:37 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 00:28]
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:32]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 06:06]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 06:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\id2aom75.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9d9b4445-8834-4989-b890-59dd78c30a39%7D&mid=04e20c54f79b47d1b4d3d16fd89b47d7-2ad78f517ad8eaec4c9e5364c7525c36bf78fa83&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-03%2020%3A59%3A03&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-07 17:29:52
ComboFix-quarantined-files.txt 2012-08-08 00:29
.
Pre-Run: 193,200,275,456 bytes free
Post-Run: 192,934,588,416 bytes free
.
- - End Of File - - AD79473806EC4BFD91A601749C2A014F

 

[Broni]

Looks good

Any current issues?

===================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[NoobOfLameness]

Nope, no current issues. Everything is pretty much running the way it used to.

 

[Broni]

 

[NoobOfLameness]

From OLT.txt:

OTL logfile created on: 8/7/2012 6:34:47 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Michelle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.61% Memory free
3.74 Gb Paging File | 2.77 Gb Available in Paging File | 74.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.48 Gb Total Space | 179.75 Gb Free Space | 80.43% Space Free | Partition Type: NTFS

Computer Name: MICHELLE-PC | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 18:32:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/27 13:25:27 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009/09/17 16:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/09/17 16:36:58 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/27 14:37:10 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/26 19:00:06 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 18:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/20 15:29:00 | 000,484,920 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2009/07/08 10:40:58 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/04/22 15:24:32 | 001,447,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/04/22 15:24:30 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/04/22 15:14:20 | 001,768,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/12 13:02:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/02/12 13:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 12:07:42 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/13 11:58:00 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:56:54 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/09 16:32:35 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 16:32:01 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 16:31:51 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 16:30:55 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/11/05 11:43:48 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/09/17 16:36:34 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 11:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 15:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 01:32:43 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/10 12:04:25 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/03 19:48:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/27 13:25:27 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/27 13:25:26 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/09/17 16:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/27 14:37:10 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 10:40:58 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/04/22 15:24:30 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/04/22 15:14:20 | 001,768,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/04/22 03:29:30 | 000,324,936 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/12 13:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/02/12 13:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/01/29 10:11:06 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/11/12 17:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Michelle\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/08/06 13:32:17 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 09:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 09:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/06/01 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/01 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120806.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120806.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/16 15:55:36 | 000,500,736 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/13 09:18:22 | 000,372,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/08/10 12:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/27 16:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/10 07:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/06/29 17:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/29 11:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/06/15 14:58:22 | 000,009,216 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2009/04/22 15:26:04 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/01/30 13:52:32 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/30 13:52:32 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/30 13:52:32 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 12:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 14:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {FEFDAA69-4382-4CD9-A58D-2F9B12DC0BD2}
IE - HKLM\..\SearchScopes\{FEFDAA69-4382-4CD9-A58D-2F9B12DC0BD2}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Michelle\Desktop
IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\..\SearchScopes\{22D5E096-940A-CE47-CCFF-72BC315B9667}: "URL" = http://www.bing.com/search?q={searc...install_date=20111226&iesrc={referrer:source}
IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...c36bf78fa83&lang=en&ds=AVG&pr=fr&d=2012-06-03 20:59:03&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\..\SearchScopes\{FEFDAA69-4382-4CD9-A58D-2F9B12DC0BD2}: "URL" = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNA_enUS359
IE - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2012-06-03 20:59:03&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 18:10:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/21 19:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/10 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/10 12:04:30 | 000,000,000 | ---D | M]

[2009/12/27 13:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions
[2012/07/25 01:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\id2aom75.default\extensions
[2010/07/27 22:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/21 19:26:34 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/03 18:10:19 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/10 12:04:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 00:23:11 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/10 12:04:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/10 12:04:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://my.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://my.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: TooManyTabs for Chrome = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.2_0\
CHR - Extension: Graphing Calculator by Desmos.com = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: Call of Gods = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfnmklbdnbkkaihgjjkieghlebmapak\0.0.0.2_0\
CHR - Extension: YouTube = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
CHR - Extension: Realm of the Mad God = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: AdBlock = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: Creatures & Castles = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: avast! WebRep = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Rockify.TV = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeghnglaaghfjmikpnkolockomaggcdf\0.9.5.3_0\
CHR - Extension: AVG Safe Search = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: Totoro Rainy Day = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\
CHR - Extension: Pocket Legends = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\1.7.5.3_0\
CHR - Extension: Plants vs Zombies = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: AVG Do Not Track = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Graph.tk = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk\0.0.1.0_0\
CHR - Extension: Private Joe: Urban Warfare = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogmpedngmnolclkmlpcdgmfonlagkejp\1.4_0\
CHR - Extension: Bastion = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Edgeworld = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp\1.0.1.2_0\

O1 HOSTS File: ([2012/08/07 17:22:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConexantAudioPatch] C:\Program Files\ConexantAudioPatch\AudioReset.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1987367466-53183474-3874060569-1001..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1987367466-53183474-3874060569-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{382F570D-DAFC-4E85-94E9-592DD3F664FF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswboot.exe /m:b4d05ac5e)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 18:32:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Michelle\Desktop\OTL.exe
[2012/08/07 17:29:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/07 17:29:55 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/08/07 17:29:55 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\temp
[2012/08/07 17:04:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/07 17:04:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/07 17:04:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/07 16:38:55 | 004,728,030 | R--- | C] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
[2012/08/07 14:38:28 | 010,665,032 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Michelle\Desktop\AppRemover.exe
[2012/08/07 14:36:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 14:36:10 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/07 00:50:20 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{F8D2247D-9406-46AE-B9A0-8C3FC5A83A24}
[2012/08/07 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{1C911484-6154-4FFE-9C0B-935CB7F56FD7}
[2012/08/06 20:19:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michelle\Desktop\aswMBR.exe
[2012/08/06 19:45:24 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\BLEH STUFFS
[2012/08/06 12:45:24 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{BFCC8F26-1A65-4E47-9028-005DEA962E36}
[2012/08/06 12:43:01 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{6A30CF48-7E03-446A-9036-ADDF3FA2CB0D}
[2012/08/06 00:37:34 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{9CB4E815-E8D2-4BA3-8D96-141B77ED44CC}
[2012/08/06 00:36:48 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{C1094033-F728-493F-9BA2-C677B13ECF98}
[2012/08/05 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{86D364AD-C3B7-40D0-89BF-403335074F90}
[2012/08/05 12:31:17 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{8C6CFAC0-4F9B-4E39-A108-72608CADE4D1}
[2012/08/04 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{04AE7EEB-2DD0-4FE8-9CC0-837944E8D7B6}
[2012/08/04 16:09:02 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{DF4AB77E-B1C0-4785-8E0A-88E48862EB6A}
[2012/08/03 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{639F7353-176C-427A-863D-BEFC4DA1412A}
[2012/08/03 23:45:41 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{EA3191D3-CC56-4111-A45A-88DA696AD975}
[2012/08/03 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{CEB88A37-720B-46A0-B331-B7D5B70D824E}
[2012/08/02 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{FC3EAC80-C181-4D50-874A-E591562B24CA}
[2012/08/02 23:03:09 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{942E9982-FEC8-4D4D-A962-178EF1F40493}
[2012/08/01 20:42:13 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{B351B129-36CC-490B-9232-490B8D38764D}
[2012/08/01 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{03AFDB20-0078-48F4-AA74-208B313CAC61}
[2012/07/31 22:59:30 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{9C0BB5B5-1B58-4FE8-B760-3FE88463401E}
[2012/07/31 22:59:09 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{9885D7E0-76EB-4A3B-8232-F56FBD399476}
[2012/07/31 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{F4F384A6-D090-49B0-BE23-07D6546EE1F5}
[2012/07/31 10:56:52 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{8C62F073-1518-4077-A3C8-0D9DDC87B764}
[2012/07/30 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{8C41AB20-6846-4369-81F9-69482321D973}
[2012/07/30 17:49:34 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{859D9E42-5EDE-4CBC-B04E-0FD76B7F85C2}
[2012/07/29 22:42:05 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{388C799C-640B-4860-9E9B-A82C4580960D}
[2012/07/29 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{526A6071-315A-453C-BBA0-6B0AE19807FA}
[2012/07/29 00:22:15 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{BAA2A897-E757-47B9-9DC6-383B58782248}
[2012/07/29 00:21:39 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{059EF0F4-C748-4731-9A0E-4F86039B89CB}
[2012/07/28 23:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2012/07/28 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{34D76C7D-E67E-4AF1-BC9A-D4FA8E503CA2}
[2012/07/28 12:18:11 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{847848A5-3819-4D31-B2E8-DA75E31A2CE0}
[2012/07/28 00:12:48 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{0703F443-0CD7-449B-AEE3-2868069E7E44}
[2012/07/28 00:11:28 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{A1F56D3F-99FC-4D41-81C7-ADFA97EC02C9}
[2012/07/27 12:10:24 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{5947FB28-B665-4639-9F32-8EAD44844E41}
[2012/07/27 12:09:10 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{B902CA53-5CB6-45F8-BDC7-D70AC3A5409D}
[2012/07/26 20:10:45 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{E8BD7D64-AB72-4376-B553-E29FBC2B1DBD}
[2012/07/26 20:09:06 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{91C74592-B0AD-4147-9096-E8497E28F7D2}
[2012/07/25 14:18:33 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{0809194D-46FB-46FB-9A7A-05E9202F963B}
[2012/07/25 14:18:13 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{9E91A78F-4E94-4D59-8732-D7B9CA27642C}
[2012/07/24 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{453EEE2A-AFB5-41B7-A3C1-8B9BCDB2C883}
[2012/07/24 15:12:07 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{CD940024-20D9-42BF-9260-9D0DDD30AD1F}
[2012/07/24 00:43:21 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{49CE1462-17AC-4D0F-9A34-7EE0A49D82E5}
[2012/07/24 00:42:45 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{C51B86AE-61F5-4720-9C25-C222F923D2F1}
[2012/07/23 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{DBE68102-5781-4E99-A698-57CCD2478806}
[2012/07/23 12:41:42 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{840A63D8-873A-44C8-AA49-5F76986A91E5}
[2012/07/22 17:11:44 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{AA3FD721-B869-476C-9E6B-7BD80E1BDC18}
[2012/07/22 17:11:17 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{38535C0E-8C8E-447E-9A05-3369F40B6191}
[2012/07/21 23:40:58 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{72E9D56B-A573-49DF-BC19-20D0D84BBBA8}
[2012/07/21 23:40:40 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{F7076D82-4D9E-402B-B186-5E35509B9A16}
[2012/07/21 19:27:07 | 000,353,688 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/07/21 19:27:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/07/21 19:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/21 19:27:03 | 000,054,232 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/07/21 19:27:03 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/07/21 19:27:02 | 000,721,000 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/07/21 19:27:00 | 000,057,656 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/07/21 19:26:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/07/21 19:26:00 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/07/21 19:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/21 19:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/21 11:39:58 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{CB031E4C-4170-476E-A911-346F179CB6D8}
[2012/07/21 11:39:16 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{AAD4DC4D-1F23-4C2E-B95D-6F307A0C6D28}
[2012/07/20 19:51:13 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{4A4F8604-E5DE-46BF-B255-DF5CFABA4D80}
[2012/07/20 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{5617A6F2-4C12-43A7-AE09-107A20BF523E}
[2012/07/20 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{B4517176-E5E8-4441-8B14-FC80192C2523}
[2012/07/20 01:03:44 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{E1933F6A-8C1A-4577-81B2-D7822D8BC0F5}
[2012/07/19 13:03:05 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{E1888377-8F89-4DCB-A888-B00866E7B84F}
[2012/07/19 13:02:37 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{F43A742B-98A7-4A8C-9DE6-E1AC4EB8319A}
[2012/07/19 01:00:25 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{A9EAD22B-107C-4381-B384-FC4F4BE90338}
[2012/07/19 01:00:09 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{3DAA90DE-503C-4D50-9744-11115790CE65}
[2012/07/18 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\WhatPulse
[2012/07/18 12:59:44 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{FAADAF9C-D2DA-4C15-84FE-98E4F4A65521}
[2012/07/18 12:59:28 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{1B58A17F-8C2B-4B3E-9CF8-23B19CF65EE7}
[2012/07/18 00:57:39 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{C90E49CB-2D3D-4590-AF0E-F7318179384E}
[2012/07/18 00:57:16 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{E76BA09C-255B-4D26-803C-00E955A61236}
[2012/07/17 12:56:28 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{DEE03F90-807E-4E06-97BF-81F7A09C4273}
[2012/07/17 12:56:07 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{8C40757F-A875-4222-AD6C-9B500B927429}
[2012/07/17 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{8E9B4853-B401-4C81-8B82-0FAEC4D55A8A}
[2012/07/17 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{E92BE2FD-2765-4410-9A68-6D3A26B86398}
[2012/07/16 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{620E3E31-3B86-4422-B0E8-C99EB3B78409}
[2012/07/16 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{0A9B37B5-6857-4049-9028-36904CC31F1D}
[2012/07/15 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{9BE4EEE4-7583-4D06-881A-D5382AE72B19}
[2012/07/15 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{5EFDC351-DD2A-42B0-88B8-4E118FB36E89}
[2012/07/15 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\TO SAVE KIM'S EYEBALLS
[2012/07/15 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{66DFD3A9-3A19-4CC5-8829-EBF585C76588}
[2012/07/15 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{B705973D-6B9D-4034-8351-E8C2C3E9C105}
[2012/07/14 13:13:17 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{396ECCD4-86A7-4B84-A94E-2203B8A65742}
[2012/07/14 13:12:57 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{AAF97903-AC73-4DE9-A230-4A58B3B4A029}
[2012/07/14 00:56:46 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{7E8FF4E9-2B91-465A-AE34-0EB9927313B7}
[2012/07/14 00:56:23 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{8457BD43-F5F2-4B36-8B98-8EF4A899E292}
[2012/07/13 12:55:45 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{3FD73982-B3B5-4711-8FB1-FCF2ADF5A53C}
[2012/07/13 12:55:24 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{CF1013AE-CBEA-4E53-8C4B-FA3BE1B31EB4}
[2012/07/12 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{6912EB00-0287-4209-BBF0-2680CF0B7C66}
[2012/07/12 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{AAFE17C0-80EA-4C80-82C1-0D47830C8B5E}
[2012/07/12 00:52:57 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{6052FFEE-48FB-4AC7-9070-19FA0E6B8979}
[2012/07/11 12:55:46 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Desktop\RP-Light&Van
[2012/07/11 12:52:02 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{380C4034-D1D5-4FA8-9A7F-A0A445D4D661}
[2012/07/11 12:51:39 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{4676435E-3680-4AD1-96C9-9A321DFF8DAA}
[2012/07/10 19:38:24 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{CEAD9E63-1BB9-4C32-9084-B2984D82700D}
[2012/07/10 19:38:02 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{642E242D-07E8-432C-97E4-595AD7B23E20}
[2012/07/09 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{5012FF2A-4BEA-4D66-AD68-68F111559CD2}
[2012/07/09 13:47:13 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{949C5583-2BB4-4A28-BC35-7E5E3CE776E1}
[2012/07/09 01:28:04 | 000,000,000 | ---D | C] -- C:\Users\Michelle\Documents\My Weblog Posts
[2012/07/08 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{BA64A909-A068-47FC-932E-2DC7371ABEB2}
[2012/07/08 21:31:38 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\{56DDC57B-BDEC-430C-9961-64BFAB91D448}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Michelle\Desktop\*.tmp files -> C:\Users\Michelle\Desktop\*.tmp -> ]