Google/Bing Redirects



lantern_green
2012-05-08, 08:38
Hi there,

So my Google and Bing searches on Chrome and Firefox keep redirecting to shoppinghornet, fabusearch, etc. I ran an AVG scan, a Trend Micro Housecall scan, a Spybot: Search & Destroy scan, and a Malwarebytes Anti-Malware scan, but the problem persists. I am pasting the DDS log below and also attaching the Attach zip file as instructed.

Thanks for your help.


============================================================


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by kpn at 23:10:14 on 2012-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1930 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dgdersvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\SysWOW64\cryptainersrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=14597&l=dis
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\kpn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [googletalk] C:\Users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [KiesTrayAgent]
uRun: [AROReminder]
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780} : NameServer = 0.0.0.0
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\2435E4C4F51405 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\3757E6279637560296E6E6D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\55453547162736F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\A5854435C40253331324 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\F65727E6564777F627B6 : DhcpNameServer = 192.168.2.1 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [(Default)]
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0128156d-c895-47fe-967c-36727009b0b3%7D&mid=780c9225fd3742409beb0c50ee940207-969f2c32528dfb9c262d3100a75dbdb79ddf8785&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-28%2010%3A07%3A30&sap=ku&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\kpn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\kpn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\windows\system32\Drivers\ssoftnt4.sys --> C:\windows\system32\Drivers\ssoftnt4.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\windows\system32\drivers\acedrv11.sys --> C:\windows\system32\drivers\acedrv11.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-23 785304]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-12-19 95568]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-28 1604200]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-23 1153368]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-28 2320920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-16 918880]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-19 18120]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\windows\system32\DRIVERS\ew_jubusenum.sys --> C:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS\stdriver64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\windows\system32\drivers\WsAudioDevice_383S(1).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office

\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24

129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-12 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:

\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

[2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\windows\system32\pwdrvio.sys --> C:\windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\windows\system32\pwdspio.sys --> C:\windows\system32\pwdspio.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-3-8 16392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat

\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-

10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn

\SQLAGENT.EXE [2010-9-17 370008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-08 00:56:55 -------- d-----w- C:\Program Files\HitmanPro
2012-05-08 00:56:48 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-07 21:46:41 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-05-07 21:43:58 251528 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-05-07 21:43:57 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-07 21:43:32 -------- d-----w- C:\ProgramData\PC Tools
2012-05-07 21:43:29 -------- d-----w- C:\Users\kpn\AppData\Roaming\TestApp
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-05-07 08:56:48 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-07 08:56:48 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-07 08:56:48 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 08:56:48 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 08:56:47 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-07 08:56:47 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-07 08:56:47 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-01 00:40:22 -------- d-----w- C:\Users\kpn\AppData\Local\DuplicateCleaner
2012-04-30 22:39:29 662288 ----a-w- C:\windows\SysWow64\mscomct2.ocx
2012-04-30 22:39:29 609824 ----a-w- C:\windows\SysWow64\comctl32.ocx
2012-04-30 22:39:29 40960 ----a-w- C:\windows\SysWow64\ssubtmr6.dll
2012-04-30 22:39:29 36864 ----a-w- C:\windows\SysWow64\trayicon_handler.ocx
2012-04-30 22:39:29 28672 ----a-w- C:\windows\SysWow64\mousewheel.ocx
2012-04-30 22:39:29 164144 ----a-w- C:\windows\SysWow64\comct232.ocx
2012-04-30 22:39:28 212240 ----a-w- C:\windows\SysWow64\richtx32.ocx
2012-04-30 22:39:28 -------- d-----w- C:\Program Files (x86)\DVD Flick
2012-04-27 15:38:10 -------- d-----w- C:\Users\kpn\AppData\Local\{7D45108C-9B76-4A0B-80EF-5C964723E039}
2012-04-27 15:37:51 -------- d-----w- C:\Users\kpn\AppData\Local\{5E343AB7-0367-4381-982B-2999EE6895BF}
2012-04-27 04:16:40 -------- d-----w- C:\Program Files (x86)\Audiograbber
2012-04-27 03:51:55 611840 ----a-w- C:\windows\SysWow64\DVD43.dll
2012-04-27 03:51:55 -------- d-----w- C:\Program Files (x86)\DVD43 Plug-in
2012-04-25 04:03:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-23 09:06:36 -------- d-----w- C:\Users\kpn\AppData\Local\DDMSettings
2012-04-23 06:49:12 -------- d-----w- C:\Users\kpn\AppData\Roaming\DonationCoder
2012-04-23 06:48:58 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-04-23 06:48:20 -------- d-----w- C:\ProgramData\DonationCoder
2012-04-23 06:48:19 -------- d-----w- C:\Program Files (x86)\URLSnooper2
2012-04-23 01:38:09 118784 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2012-04-23 01:38:09 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-04-22 03:36:41 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-04-22 03:35:42 -------- d-----w- C:\Users\kpn\AppData\Roaming\ProgSense
2012-04-22 03:34:49 -------- d-----w- C:\Users\kpn\AppData\Roaming\GrabPro
2012-04-22 03:34:49 -------- d-----w- C:\downloads
2012-04-22 03:34:41 -------- d-----w- C:\Users\kpn\AppData\Roaming\OpenCandy
2012-04-22 03:34:41 -------- d-----w- C:\Program Files (x86)\Orbitdownloader
2012-04-20 22:41:59 -------- d-----w- C:\Program Files (x86)\FotoSketcher
2012-04-20 05:53:09 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-04-20 05:53:09 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-04-20 05:53:09 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-04-20 05:52:24 -------- d-----w- C:\Program Files\iPod
2012-04-20 05:52:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-20 05:52:23 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-20 05:52:22 -------- d-----w- C:\Program Files\iTunes
2012-04-20 05:49:03 -------- d-----w- C:\Program Files\Bonjour
2012-04-20 05:49:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-16 18:16:51 -------- d-----w- C:\Users\kpn\AppData\Local\{33BC3F30-A221-4416-B869-77410CCF67A7}
2012-04-13 16:10:58 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-13 16:10:57 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 16:10:57 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-13 16:05:58 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-13 16:05:58 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-13 16:05:58 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-13 16:05:58 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-13 16:05:57 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-13 16:05:57 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-13 16:05:57 220672 ----a-w- C:\windows\System32\wintrust.dll
.
==================== Find3M ====================
.
2012-05-01 17:11:31 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 17:11:31 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-14 19:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
.
============= FINISH: 23:11:15.92 ===============

Blade81
2012-05-14, 10:13
Hi,

Disable word wrap in notepad.


Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply. Post fresh DDS logs too.

lantern_green
2012-05-14, 21:02
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-14 11:09:10
-----------------------------
11:09:10.639 OS Version: Windows x64 6.1.7601 Service Pack 1
11:09:10.639 Number of processors: 4 586 0x2505
11:09:10.640 ComputerName: KPN_TOSHIBA_II UserName: kpn
11:09:13.037 Initialize success
11:13:16.922 AVAST engine defs: 12051400
11:18:24.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:18:24.021 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
11:18:24.039 Disk 0 MBR read successfully
11:18:24.042 Disk 0 MBR scan
11:18:24.046 Disk 0 Windows VISTA default MBR code
11:18:24.086 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:18:24.091 Disk 0 Partition - 00 0F Extended LBA 233648 MB offset 3084480
11:18:24.118 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 230902 MB offset 481596570
11:18:24.146 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10881 MB offset 954488832
11:18:24.179 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 233648 MB offset 3084543
11:18:24.217 Disk 0 scanning C:\windows\system32\drivers
11:18:40.130 Service scanning
11:19:22.588 Modules scanning
11:19:22.929 Disk 0 trace - called modules:
11:19:22.953 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
11:19:22.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007028060]
11:19:22.964 3 CLASSPNP.SYS[fffff880017a843f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007027060]
11:19:22.969 5 thpdrv.sys[fffff88001bb0cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005009050]
11:19:23.927 AVAST engine scan C:\windows
11:19:29.090 AVAST engine scan C:\windows\system32
11:25:21.800 AVAST engine scan C:\windows\system32\drivers
11:25:44.897 AVAST engine scan C:\Users\kpn
11:39:32.860 AVAST engine scan C:\ProgramData
11:43:20.741 Scan finished successfully
11:46:25.070 Disk 0 MBR has been saved successfully to "C:\Users\kpn\Desktop\MBR.dat"
11:46:25.076 The log file has been saved successfully to "C:\Users\kpn\Desktop\aswMBR.txt"




------------------------------------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by kpn at 11:54:05 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1367 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dgdersvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\SysWOW64\cryptainersrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\Orbitdownloader\Grab.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [googletalk] C:\Users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780} : NameServer = 0.0.0.0
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\2435E4C4F51405 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\3757E6279637560296E6E6D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\55453547162736F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\8444740323 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\A5854435C40253331324 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\F65727E6564777F627B6 : DhcpNameServer = 192.168.2.1 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0128156d-c895-47fe-967c-36727009b0b3%7D&mid=780c9225fd3742409beb0c50ee940207-969f2c32528dfb9c262d3100a75dbdb79ddf8785&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-28%2010%3A07%3A30&sap=ku&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\kpn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\kpn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\windows\system32\Drivers\ssoftnt4.sys --> C:\windows\system32\Drivers\ssoftnt4.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\windows\system32\drivers\acedrv11.sys --> C:\windows\system32\drivers\acedrv11.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-23 785304]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-12-19 95568]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-28 1604200]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-23 1153368]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-28 2320920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-16 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-19 18120]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\windows\system32\DRIVERS\ew_jubusenum.sys --> C:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS\stdriver64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\windows\system32\drivers\WsAudioDevice_383S(1).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-12 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\windows\system32\pwdrvio.sys --> C:\windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\windows\system32\pwdspio.sys --> C:\windows\system32\pwdspio.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-3-8 16392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 370008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-10 23:00:23 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 04:38:45 -------- d-----w- C:\ProgramData\F-Secure
2012-05-10 03:46:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-10 03:13:59 -------- d-----w- C:\ComboFix
2012-05-10 02:46:52 98816 ----a-w- C:\windows\sed.exe
2012-05-10 02:46:52 518144 ----a-w- C:\windows\SWREG.exe
2012-05-10 02:46:52 256000 ----a-w- C:\windows\PEV.exe
2012-05-10 02:46:52 208896 ----a-w- C:\windows\MBR.exe
2012-05-09 20:00:55 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-09 19:32:54 -------- d-----w- C:\Users\kpn\AppData\Local\NPE
2012-05-09 16:41:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-09 05:15:08 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-09 05:15:07 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-09 05:15:04 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-09 05:15:03 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 05:15:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-09 05:15:01 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-09 05:12:09 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-09 05:11:32 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-09 05:11:24 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 05:11:24 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 05:11:24 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 05:11:24 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 05:11:24 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 06:59:44 -------- d-----w- C:\Users\kpn\AppData\Roaming\Nullsoft
2012-05-08 00:56:55 -------- d-----w- C:\Program Files\HitmanPro
2012-05-08 00:56:48 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-07 21:46:41 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-05-07 21:43:58 251528 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-05-07 21:43:57 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-07 21:43:32 -------- d-----w- C:\ProgramData\PC Tools
2012-05-07 21:43:29 -------- d-----w- C:\Users\kpn\AppData\Roaming\TestApp
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-05-07 08:56:48 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-07 08:56:48 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-07 08:56:48 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 08:56:48 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 08:56:47 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-07 08:56:47 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-07 08:56:47 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-01 00:40:22 -------- d-----w- C:\Users\kpn\AppData\Local\DuplicateCleaner
2012-04-30 22:39:29 662288 ----a-w- C:\windows\SysWow64\mscomct2.ocx
2012-04-30 22:39:29 609824 ----a-w- C:\windows\SysWow64\comctl32.ocx
2012-04-30 22:39:29 40960 ----a-w- C:\windows\SysWow64\ssubtmr6.dll
2012-04-30 22:39:29 36864 ----a-w- C:\windows\SysWow64\trayicon_handler.ocx
2012-04-30 22:39:29 28672 ----a-w- C:\windows\SysWow64\mousewheel.ocx
2012-04-30 22:39:29 164144 ----a-w- C:\windows\SysWow64\comct232.ocx
2012-04-30 22:39:28 212240 ----a-w- C:\windows\SysWow64\richtx32.ocx
2012-04-30 22:39:28 -------- d-----w- C:\Program Files (x86)\DVD Flick
2012-04-27 15:38:10 -------- d-----w- C:\Users\kpn\AppData\Local\{7D45108C-9B76-4A0B-80EF-5C964723E039}
2012-04-27 15:37:51 -------- d-----w- C:\Users\kpn\AppData\Local\{5E343AB7-0367-4381-982B-2999EE6895BF}
2012-04-27 04:16:40 -------- d-----w- C:\Program Files (x86)\Audiograbber
2012-04-27 03:51:55 611840 ----a-w- C:\windows\SysWow64\DVD43.dll
2012-04-27 03:51:55 -------- d-----w- C:\Program Files (x86)\DVD43 Plug-in
2012-04-25 04:03:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-23 09:06:36 -------- d-----w- C:\Users\kpn\AppData\Local\DDMSettings
2012-04-23 06:49:12 -------- d-----w- C:\Users\kpn\AppData\Roaming\DonationCoder
2012-04-23 06:48:58 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-04-23 06:48:20 -------- d-----w- C:\ProgramData\DonationCoder
2012-04-23 06:48:19 -------- d-----w- C:\Program Files (x86)\URLSnooper2
2012-04-23 01:38:09 118784 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2012-04-23 01:38:09 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-04-22 03:36:41 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-04-22 03:35:42 -------- d-----w- C:\Users\kpn\AppData\Roaming\ProgSense
2012-04-22 03:34:49 -------- d-----w- C:\Users\kpn\AppData\Roaming\GrabPro
2012-04-22 03:34:49 -------- d-----w- C:\downloads
2012-04-22 03:34:41 -------- d-----w- C:\Users\kpn\AppData\Roaming\OpenCandy
2012-04-22 03:34:41 -------- d-----w- C:\Program Files (x86)\Orbitdownloader
2012-04-20 22:41:59 -------- d-----w- C:\Program Files (x86)\FotoSketcher
2012-04-20 05:53:09 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-04-20 05:53:09 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-04-20 05:53:09 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-04-20 05:52:24 -------- d-----w- C:\Program Files\iPod
2012-04-20 05:52:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-20 05:52:23 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-20 05:52:22 -------- d-----w- C:\Program Files\iTunes
2012-04-20 05:49:03 -------- d-----w- C:\Program Files\Bonjour
2012-04-20 05:49:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-16 18:16:51 -------- d-----w- C:\Users\kpn\AppData\Local\{33BC3F30-A221-4416-B869-77410CCF67A7}
.
==================== Find3M ====================
.
2012-05-10 23:00:30 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 23:00:30 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-14 19:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 11:55:24.21 ===============


Thanks. Let me know if you need anything else.

Blade81
2012-05-15, 06:31
Hi

I think you missed the "Please do NOT run 'FIXES' (ComboFix etc) without being asked" sticky (http://forums.spybot.info/showthread.php?t=16806) (ran ComboFix though it shouldn't be used without supervision). Post contents of c:\ComboFix.txt file.

lantern_green
2012-05-15, 08:10
ComboFix 12-05-09.01 - kpn 05/09/2012 20:15:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1302 [GMT -7:00]
Running from: c:\users\kpn\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\kpn\AppData\Local\TempDIR
c:\users\kpn\AppData\Roaming\Adobe\plugs
c:\users\kpn\AppData\Roaming\Adobe\shed
c:\users\Mini\AppData\Local\TempDIR
c:\windows\SysWow64\Temp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 03:24 . 2012-05-10 03:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-10 03:24 . 2012-05-10 03:24 -------- d-----w- c:\users\Mini\AppData\Local\temp
2012-05-10 03:24 . 2012-05-10 03:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-10 03:24 . 2012-05-10 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 20:00 . 2012-05-09 20:00 -------- d-----w- c:\program files (x86)\ESET
2012-05-09 19:32 . 2012-05-09 19:47 -------- d-----w- c:\users\kpn\AppData\Local\NPE
2012-05-09 16:41 . 2012-05-09 16:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 06:59 . 2012-05-08 06:59 -------- d-----w- c:\users\kpn\AppData\Roaming\Nullsoft
2012-05-08 01:42 . 2012-05-08 01:47 -------- d-----w- c:\program files (x86)\ERUNT
2012-05-08 00:56 . 2012-05-08 00:57 -------- d-----w- c:\program files\HitmanPro
2012-05-08 00:56 . 2012-05-08 00:57 -------- d-----w- c:\programdata\HitmanPro
2012-05-07 21:46 . 2012-05-07 22:08 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-07 21:43 . 2012-03-20 20:50 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-07 21:43 . 2012-05-08 00:17 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-07 21:43 . 2012-05-07 22:25 -------- d-----w- c:\programdata\PC Tools
2012-05-07 21:43 . 2012-05-07 21:43 -------- d-----w- c:\users\kpn\AppData\Roaming\TestApp
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-05-07 08:56 . 2012-05-07 08:56 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-07 08:56 . 2012-05-07 08:56 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-07 08:56 . 2012-05-07 08:56 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 08:56 . 2012-05-07 08:56 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 08:56 . 2012-05-07 08:56 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-07 08:56 . 2012-05-07 08:56 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-07 08:56 . 2012-05-07 08:56 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-01 00:40 . 2012-05-01 01:43 -------- d-----w- c:\users\kpn\AppData\Local\DuplicateCleaner
2012-04-30 22:39 . 2008-08-31 20:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-04-30 22:39 . 2007-09-01 01:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-04-30 22:39 . 2004-03-09 07:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-04-30 22:39 . 2004-03-09 07:00 609824 ----a-w- c:\windows\SysWow64\comctl32.ocx
2012-04-30 22:39 . 2003-01-26 20:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-04-30 22:39 . 1998-06-24 07:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-04-30 22:39 . 2012-04-30 22:39 -------- d-----w- c:\program files (x86)\DVD Flick
2012-04-30 22:39 . 2004-03-09 07:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2012-04-27 04:16 . 2012-04-27 04:16 -------- d-----w- c:\program files (x86)\Audiograbber
2012-04-27 04:01 . 2012-04-27 04:01 -------- d-----w- c:\program files (x86)\Smart Projects
2012-04-27 03:51 . 2012-04-27 03:55 -------- d-----w- c:\program files (x86)\DVD43 Plug-in
2012-04-27 03:51 . 2010-05-25 22:26 611840 ----a-w- c:\windows\SysWow64\DVD43.dll
2012-04-25 04:03 . 2012-04-25 04:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-23 09:06 . 2012-04-23 09:06 -------- d-----w- c:\users\kpn\AppData\Local\DDMSettings
2012-04-23 06:49 . 2012-04-23 06:49 -------- d-----w- c:\users\kpn\AppData\Roaming\DonationCoder
2012-04-23 06:48 . 2012-04-23 06:48 -------- d-----w- c:\program files (x86)\WinPcap
2012-04-23 06:48 . 2012-04-23 06:48 -------- d-----w- c:\programdata\DonationCoder
2012-04-23 06:48 . 2012-04-23 06:49 -------- d-----w- c:\program files (x86)\URLSnooper2
2012-04-23 01:38 . 2012-05-09 21:26 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-04-23 01:38 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-22 03:36 . 2012-04-22 03:36 -------- d-----w- c:\program files (x86)\ARO 2012
2012-04-22 03:35 . 2012-04-22 03:35 -------- d-----w- c:\users\kpn\AppData\Roaming\ProgSense
2012-04-22 03:34 . 2012-05-09 19:32 -------- d-----w- C:\downloads
2012-04-22 03:34 . 2012-04-22 03:34 -------- d-----w- c:\users\kpn\AppData\Roaming\GrabPro
2012-04-22 03:34 . 2012-05-10 02:39 -------- d-----w- c:\users\kpn\AppData\Roaming\Orbit
2012-04-22 03:34 . 2012-04-22 03:34 -------- d-----w- c:\users\kpn\AppData\Roaming\OpenCandy
2012-04-22 03:34 . 2012-04-22 03:34 -------- d-----w- c:\program files (x86)\Orbitdownloader
2012-04-20 22:41 . 2012-04-20 22:42 -------- d-----w- c:\program files (x86)\FotoSketcher
2012-04-20 05:53 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-20 05:53 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-20 05:53 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-20 05:52 . 2012-04-20 05:52 -------- d-----w- c:\program files\iPod
2012-04-20 05:52 . 2012-04-20 05:53 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-20 05:52 . 2012-04-20 05:53 -------- d-----w- c:\program files (x86)\iTunes
2012-04-20 05:52 . 2012-04-20 05:53 -------- d-----w- c:\program files\iTunes
2012-04-20 05:49 . 2012-04-20 05:49 -------- d-----w- c:\program files\Common Files\Apple
2012-04-20 05:49 . 2012-04-20 05:49 -------- d-----w- c:\program files\Bonjour
2012-04-20 05:49 . 2012-04-20 05:49 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-13 16:10 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 16:10 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 16:10 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 16:05 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 16:05 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 16:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 16:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 16:05 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 16:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 16:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 17:11 . 2012-04-08 01:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 17:11 . 2011-05-16 18:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2011-06-29 20:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 14:10 . 2012-03-02 14:11 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-03-02 14:10 . 2012-03-02 14:11 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-03-02 14:10 . 2012-03-02 14:11 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-03-02 14:10 . 2012-03-02 14:11 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-03-02 14:10 . 2012-03-02 14:11 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-03-02 14:10 . 2012-03-02 14:11 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-03-02 14:10 . 2012-03-02 14:11 221312 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-03-02 14:10 . 2012-03-02 14:11 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-03-02 14:10 . 2012-03-02 14:11 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-03-02 14:10 . 2012-03-02 14:11 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-03-02 14:10 . 2012-03-02 14:11 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-03-02 14:10 . 2012-03-02 14:11 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-03-02 14:10 . 2012-03-02 14:11 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-03-02 14:10 . 2008-03-27 22:51 1490656 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-02-17 06:38 . 2012-03-16 02:52 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-16 02:52 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-16 02:52 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-16 02:52 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-16 03:08 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-16 03:08 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-17 03:49 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-17 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-13 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"googletalk"="c:\users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2010-08-26 531664]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-17 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-05 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-1-4 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 135664]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-07-13 177664]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-07-13 177664]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 ALSysIO;ALSysIO;c:\users\kpn\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-12 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-12-20 16392]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ssoftnt4;ssoftnt4;c:\windows\system32\Drivers\ssoftnt4.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-24 785304]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 119632]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-17 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 20552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:11]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 03:05]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 03:05]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703103886-71020440-1456911322-1001Core.job
- c:\users\kpn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 17:55]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703103886-71020440-1456911322-1001UA.job
- c:\users\kpn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 17:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-01-27 1445888]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-14 462400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1931536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?o=14597&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780}: NameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0128156d-c895-47fe-967c-36727009b0b3%7D&mid=780c9225fd3742409beb0c50ee940207-969f2c32528dfb9c262d3100a75dbdb79ddf8785&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-28%2010%3A07%3A30&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-KiesTrayAgent - (no file)
Wow6432Node-HKCU-Run-AROReminder - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-50486150.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{29BAD36F-F421-40F8-A128-E03382E59C70} - c:\users\kpn\AppData\Local\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}\Sins_of_a_Solar_Empire_setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-703103886-71020440-1456911322-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-703103886-71020440-1456911322-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-703103886-71020440-1456911322-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:1f,7e,78,c1,9e,89,ce,59,03,12,d3,30,23,34,cd,6c,84,3c,e8,63,c4,4c,3e,
10,44,27,67,62,8d,9a,cd,ff,ce,28,36,ad,8e,91,1f,54,f3,25,1f,f9,77,52,58,ba,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\windows\SysWOW64\cryptainersrv.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-05-09 20:37:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 03:37
.
Pre-Run: 98,672,111,616 bytes free
Post-Run: 98,544,791,552 bytes free
.
- - End Of File - - 7B9AA92BFAE7667CA6058E511C59101F

Blade81
2012-05-15, 15:36
Hi,

Since you had run tools after topic starter, it's possible remaining symptoms are not the same. So, what are current problems with the system?

lantern_green
2012-05-15, 20:05
Hi there,

The symptoms are the same as before. Search results from search engines keep redirecting to bogus links like fabusearch.com, shoppingcove.com, etc.

Thanks a lot for your help.

Blade81
2012-05-16, 07:35
Hi,

Does IE have this redirect issue too or just Firefox and Chrome?

lantern_green
2012-05-16, 09:22
Hi there,

After testing IE quite a bit, it seems to be safe from the issues. Only Chrome and Firefox are the ones with the problem.

Thanks again for your time and hard work.

Blade81
2012-05-16, 10:25
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

lantern_green
2012-05-16, 20:17
OTL logfile created on: 5/16/2012 10:21:02 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\kpn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 63.88% Memory free
7.60 Gb Paging File | 5.44 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225.49 Gb Total Space | 89.19 Gb Free Space | 39.55% Space Free | Partition Type: NTFS
Drive K: | 228.17 Gb Total Space | 61.13 Gb Free Space | 26.79% Space Free | Partition Type: NTFS

Computer Name: KPN_TOSHIBA_II | User Name: kpn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kpn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe (Acronis)
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\SysWOW64\cryptainersrv.exe (Cypherix Software (India) Pvt. Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (SwOffWeb) -- C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
SRV:64bit: - (SwOffScheduler) -- C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ssoftservice) -- C:\Windows\SysWOW64\cryptainersrv.exe (Cypherix Software (India) Pvt. Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (WsAudioDevice_383S(1)) WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (ssoftnt4) -- C:\Windows\SysNative\drivers\ssoftnt4.sys (Cypherix Software (India) Pvt. Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (UnlockerDriver5) -- C:\downloads\unlocker1.9.0-portable\x86\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2AAFB7CD-4E27-4DE8-BD59-530CBF9065EA}
IE:64bit: - HKLM\..\SearchScopes\{2AAFB7CD-4E27-4DE8-BD59-530CBF9065EA}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {AE23EA7C-E6D4-4D7D-9FC4-AEC22ADD2800}
IE - HKLM\..\SearchScopes\{AE23EA7C-E6D4-4D7D-9FC4-AEC22ADD2800}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 5A 65 01 B8 A7 B5 41 87 7C 5B E4 4B 7B EC EF [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F5755FCC-CFB7-45F4-8C68-8395DB19E365}&mid=780c9225fd3742409beb0c50ee940207-969f2c32528dfb9c262d3100a75dbdb79ddf8785&lang=en&ds=AVG&pr=fr&d=2011-10-28 10:07:30&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AE23EA7C-E6D4-4D7D-9FC4-AEC22ADD2800}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS396
IE - HKCU\..\SearchScopes\{D5787A73-9389-44FD-BB5E-82006236A865}: "URL" = http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kpn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kpn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kpn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/04 21:58:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/16 20:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/23 02:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/07 01:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/16 18:17:42 | 000,000,000 | ---D | M]

[2010/09/08 21:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kpn\AppData\Roaming\Mozilla\Extensions
[2012/05/10 17:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions
[2012/01/30 08:57:51 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/07/11 01:44:58 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/03/22 11:30:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/09 21:32:18 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions\DefaultManager@Microsoft
[2012/04/25 13:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions\firefoxbingsearch.full@microsoft.com
[2011/03/22 11:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\extensions\nostmp
[2012/04/25 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 14:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\searchsettings@spigot.com
[2010/11/10 14:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com
[2012/04/25 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/04/25 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\firefoxbingsearch.full@microsoft.com
[2012/05/07 01:56:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/16 20:49:37 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/07 01:56:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/07 01:56:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kpn\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kpn\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kpn\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kpn\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\kpn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\kpn\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/05/09 20:31:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [googletalk] C:\Users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

lantern_green
2012-05-16, 20:17
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtb - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 01:38:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\kpn\Desktop\OTL.exe
[2012/05/14 11:07:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\kpn\Desktop\aswMBR.exe
[2012/05/12 12:03:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/05/12 12:03:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/05/12 12:03:40 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/05/12 12:03:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/05/12 12:03:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/05/12 12:03:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/05/12 12:03:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/05/12 12:03:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/05/12 12:03:38 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/05/12 12:03:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/05/12 12:03:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/05/12 12:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 12:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 12:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/10 21:57:21 | 000,000,000 | ---D | C] -- C:\Users\kpn\Desktop\BleepComp_Post
[2012/05/10 17:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/05/10 17:22:58 | 004,519,768 | ---- | C] (www.orbitdownloader.com ) -- C:\Users\kpn\Desktop\OrbitDownloaderSetup.exe
[2012/05/10 16:00:23 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/10 11:41:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2012/05/10 11:41:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012/05/10 11:41:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/05/10 11:41:37 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012/05/10 11:41:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/05/10 11:41:36 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012/05/10 11:41:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012/05/10 11:41:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012/05/10 11:41:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012/05/10 11:41:34 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/05/10 11:41:34 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012/05/10 11:41:33 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012/05/10 11:41:33 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012/05/10 11:41:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012/05/10 11:41:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012/05/10 11:41:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012/05/10 11:41:31 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012/05/10 11:41:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/05/10 11:41:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012/05/10 11:41:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012/05/10 11:41:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012/05/10 11:41:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012/05/10 11:41:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/05/10 11:41:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012/05/10 11:41:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012/05/10 11:41:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012/05/10 11:41:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012/05/10 11:41:24 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/05/10 11:41:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2012/05/10 11:41:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012/05/10 11:41:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/05/10 11:41:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/05/10 11:41:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/05/10 11:41:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012/05/10 11:41:21 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012/05/10 11:41:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/05/10 11:41:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012/05/10 11:41:20 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/05/10 11:41:20 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/05/10 11:41:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012/05/10 11:41:18 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/05/10 11:41:18 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/05/10 11:41:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012/05/10 11:41:17 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/05/10 11:41:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012/05/10 11:41:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/05/10 11:41:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/05/10 11:41:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/05/10 11:41:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012/05/10 11:41:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012/05/10 11:41:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/05/10 11:41:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/05/10 11:41:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012/05/10 11:41:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/05/10 11:41:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/05/10 11:41:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/05/10 11:41:11 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012/05/10 11:41:11 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012/05/10 11:41:11 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/05/10 11:41:10 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/05/10 11:41:10 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/05/09 21:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/05/09 20:46:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/09 20:37:59 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/09 20:13:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/09 19:46:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/09 19:46:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/09 19:46:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/09 19:46:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/09 13:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/09 12:32:54 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Local\NPE
[2012/05/09 09:41:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/09 09:39:38 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\kpn\Desktop\tdsskiller.exe
[2012/05/09 09:19:17 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\kpn\Desktop\FixTDSS.exe
[2012/05/08 22:15:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/08 22:15:04 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/08 22:15:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/08 22:15:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/05/07 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\Nullsoft
[2012/05/07 23:18:41 | 000,000,000 | ---D | C] -- C:\Users\kpn\Desktop\tdsskiller
[2012/05/07 18:47:47 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/07 18:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/07 18:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/05/07 17:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/07 17:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/07 14:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/07 14:43:58 | 000,251,528 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/05/07 14:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/07 14:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/07 14:43:29 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\TestApp
[2012/05/07 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012/05/07 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/05/07 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/05/01 10:14:10 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\kpn\Desktop\ccsetup318.exe
[2012/04/30 17:40:22 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Local\DuplicateCleaner
[2012/04/30 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2012/04/30 15:39:29 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomct2.ocx
[2012/04/30 15:39:29 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\comctl32.ocx
[2012/04/30 15:39:29 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\comct232.ocx
[2012/04/30 15:39:29 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\windows\SysWow64\ssubtmr6.dll
[2012/04/30 15:39:29 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\windows\SysWow64\trayicon_handler.ocx
[2012/04/30 15:39:29 | 000,028,672 | ---- | C] (-) -- C:\windows\SysWow64\mousewheel.ocx
[2012/04/30 15:39:28 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\richtx32.ocx
[2012/04/30 15:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2012/04/27 08:38:10 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Local\{7D45108C-9B76-4A0B-80EF-5C964723E039}
[2012/04/27 08:37:51 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Local\{5E343AB7-0367-4381-982B-2999EE6895BF}
[2012/04/26 21:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2012/04/26 21:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber
[2012/04/26 21:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2012/04/26 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2012/04/26 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD43 Plug-in
[2012/04/24 21:35:54 | 002,405,568 | ---- | C] (Trend Micro Inc.) -- C:\Users\kpn\Desktop\HousecallLauncher64.exe
[2012/04/24 21:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/24 21:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/24 19:58:07 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\kpn\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/23 02:06:36 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Local\DDMSettings
[2012/04/22 23:49:12 | 000,000,000 | ---D | C] -- C:\Users\kpn\Documents\DonationCoder
[2012/04/22 23:49:12 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\DonationCoder
[2012/04/22 23:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/04/22 23:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/04/22 23:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URLSnooper2
[2012/04/22 23:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2012/04/22 23:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\URLSnooper2
[2012/04/22 18:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/04/22 18:38:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2012/04/22 18:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/04/21 20:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012
[2012/04/21 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2012
[2012/04/21 20:35:42 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\ProgSense
[2012/04/21 20:34:49 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\GrabPro
[2012/04/21 20:34:49 | 000,000,000 | ---D | C] -- C:\downloads
[2012/04/21 20:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2012/04/21 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\Orbit
[2012/04/21 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Roaming\OpenCandy
[2012/04/20 15:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
[2012/04/20 15:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FotoSketcher
[2012/04/19 22:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/19 22:53:09 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll
[2012/04/19 22:53:09 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll
[2012/04/19 22:53:09 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/04/19 22:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/19 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/19 22:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/04/19 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/19 22:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/19 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/19 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/04/16 11:16:51 | 000,000,000 | ---D | C] -- C:\Users\kpn\AppData\Local\{33BC3F30-A221-4416-B869-77410CCF67A7}
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 10:13:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 10:04:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-703103886-71020440-1456911322-1001UA.job
[2012/05/16 10:04:00 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-703103886-71020440-1456911322-1001Core.job
[2012/05/16 10:00:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 09:50:23 | 098,325,467 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/05/16 09:44:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/16 01:38:49 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\kpn\Desktop\OTL.exe
[2012/05/16 00:13:01 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/15 23:56:35 | 000,888,142 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/15 23:56:35 | 000,738,080 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/15 23:56:35 | 000,150,406 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/15 21:08:08 | 000,002,401 | ---- | M] () -- C:\Users\kpn\Desktop\Google Chrome.lnk
[2012/05/15 21:00:58 | 000,452,028 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/15 16:27:44 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 16:27:44 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 16:18:05 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 20:21:54 | 000,039,883 | ---- | M] () -- C:\Users\kpn\Desktop\292274_10150795566827424_29158237423_9848374_2075640706_n.jpg
[2012/05/14 15:18:09 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/05/14 12:00:39 | 000,004,213 | ---- | M] () -- C:\Users\kpn\Desktop\Attach.zip
[2012/05/14 11:46:25 | 000,000,512 | ---- | M] () -- C:\Users\kpn\Desktop\MBR.dat
[2012/05/14 11:08:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\kpn\Desktop\aswMBR.exe
[2012/05/10 17:27:20 | 000,001,058 | ---- | M] () -- C:\Users\kpn\Desktop\Orbit.lnk
[2012/05/10 17:23:19 | 004,519,768 | ---- | M] (www.orbitdownloader.com ) -- C:\Users\kpn\Desktop\OrbitDownloaderSetup.exe
[2012/05/10 16:00:30 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/05/10 16:00:30 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/10 16:00:23 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/10 14:12:53 | 000,001,444 | ---- | M] () -- C:\Users\kpn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/10 14:04:45 | 000,443,224 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/10 11:41:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2012/05/10 11:41:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012/05/10 11:41:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/05/10 11:41:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012/05/10 11:41:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/05/10 11:41:36 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012/05/10 11:41:36 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012/05/10 11:41:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012/05/10 11:41:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012/05/10 11:41:34 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/05/10 11:41:34 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012/05/10 11:41:33 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012/05/10 11:41:33 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012/05/10 11:41:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012/05/10 11:41:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012/05/10 11:41:32 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/10 11:41:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012/05/10 11:41:31 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012/05/10 11:41:31 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/05/10 11:41:30 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012/05/10 11:41:30 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012/05/10 11:41:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012/05/10 11:41:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012/05/10 11:41:27 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/05/10 11:41:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012/05/10 11:41:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012/05/10 11:41:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012/05/10 11:41:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012/05/10 11:41:24 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/05/10 11:41:24 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2012/05/10 11:41:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012/05/10 11:41:21 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/05/10 11:41:21 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/05/10 11:41:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/05/10 11:41:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012/05/10 11:41:21 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012/05/10 11:41:21 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/05/10 11:41:21 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012/05/10 11:41:20 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/05/10 11:41:20 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/05/10 11:41:19 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/05/10 11:41:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012/05/10 11:41:18 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/05/10 11:41:18 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012/05/10 11:41:17 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/05/10 11:41:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012/05/10 11:41:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/05/10 11:41:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012/05/10 11:41:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/05/10 11:41:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/05/10 11:41:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012/05/10 11:41:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/05/10 11:41:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/05/10 11:41:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012/05/10 11:41:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/05/10 11:41:14 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012/05/10 11:41:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/05/10 11:41:12 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/05/10 11:41:11 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012/05/10 11:41:11 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012/05/10 11:41:11 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/05/10 11:41:10 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/05/10 11:41:10 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/05/09 20:31:08 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/05/09 20:10:53 | 000,000,844 | ---- | M] () -- C:\Users\kpn\Desktop\Video_Lects - Shortcut.lnk
[2012/05/09 09:40:03 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\kpn\Desktop\tdsskiller.exe
[2012/05/09 09:19:18 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\kpn\Desktop\FixTDSS.exe
[2012/05/07 23:59:55 | 000,001,113 | ---- | M] () -- C:\Users\kpn\Desktop\Continue Windows Essentials Codec Pack Installation.lnk
[2012/05/07 23:16:04 | 002,055,783 | ---- | M] () -- C:\Users\kpn\Desktop\tdsskiller.zip
[2012/05/07 22:43:30 | 000,145,229 | ---- | M] () -- C:\Users\kpn\AppData\Local\ars.cache
[2012/05/07 18:47:38 | 000,001,111 | ---- | M] () -- C:\Users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/07 18:47:36 | 000,000,931 | ---- | M] () -- C:\Users\kpn\Desktop\NTREGOPT.lnk
[2012/05/07 18:47:36 | 000,000,912 | ---- | M] () -- C:\Users\kpn\Desktop\ERUNT.lnk
[2012/05/07 14:45:56 | 002,107,470 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/05/04 14:13:08 | 000,025,600 | ---- | M] () -- C:\Users\kpn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/01 10:14:44 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/01 10:14:11 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\kpn\Desktop\ccsetup318.exe
[2012/04/30 17:40:11 | 000,001,117 | ---- | M] () -- C:\Users\kpn\Desktop\Duplicate Cleaner.lnk
[2012/04/30 17:39:44 | 000,906,894 | ---- | M] () -- C:\Users\kpn\Desktop\DuplicateCleaner_setup.exe
[2012/04/30 15:39:34 | 000,001,921 | ---- | M] () -- C:\Users\kpn\Desktop\DVD Flick.lnk
[2012/04/29 00:29:09 | 000,000,359 | ---- | M] () -- C:\Users\kpn\Desktop\Recycle Bin - Shortcut.lnk
[2012/04/28 11:37:52 | 000,257,345 | ---- | M] () -- C:\Users\kpn\Desktop\Raza_Access_Numbers.jpg
[2012/04/26 21:16:41 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2012/04/26 21:01:16 | 000,001,199 | ---- | M] () -- C:\Users\kpn\Desktop\IsoBuster.lnk
[2012/04/25 13:41:15 | 000,002,055 | ---- | M] () -- C:\Users\kpn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/25 13:40:57 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/25 02:31:09 | 007,443,121 | ---- | M] () -- C:\Users\kpn\AppData\Local\census.cache
[2012/04/24 21:36:33 | 000,000,036 | ---- | M] () -- C:\Users\kpn\AppData\Local\housecall.guid.cache
[2012/04/24 21:35:56 | 002,405,568 | ---- | M] (Trend Micro Inc.) -- C:\Users\kpn\Desktop\HousecallLauncher64.exe
[2012/04/24 19:58:29 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/24 19:58:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\kpn\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/23 12:28:33 | 000,000,661 | ---- | M] () -- C:\Users\kpn\Documents\_TV-Release_Net_Young_Justice_S01E21_HDTV_XviD-2HD_avi.mht
[2012/04/22 23:49:12 | 000,000,046 | ---- | M] () -- C:\windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012/04/22 23:48:21 | 000,001,045 | ---- | M] () -- C:\Users\kpn\Desktop\URLSnooper 2.lnk
[2012/04/22 18:38:10 | 000,001,086 | ---- | M] () -- C:\Users\kpn\Desktop\SpywareBlaster.lnk
[2012/04/21 20:36:45 | 000,001,875 | ---- | M] () -- C:\Users\kpn\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2012/04/21 20:36:45 | 000,001,869 | ---- | M] () -- C:\Users\kpn\Desktop\Check PC For Errors.lnk
[2012/04/20 15:59:35 | 000,000,105 | ---- | M] () -- C:\Users\kpn\AppData\Roaming\FotoSketcher.ini
[2012/04/20 15:42:10 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\FotoSketcher.lnk
[2012/04/19 22:53:16 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/17 10:19:35 | 007,412,966 | ---- | M] () -- C:\Users\kpn\Desktop\IMG_7204.JPG
[2012/04/17 00:15:03 | 000,257,273 | ---- | M] () -- C:\Users\kpn\Desktop\g1.jpg
[2012/04/16 18:17:47 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 20:21:59 | 000,039,883 | ---- | C] () -- C:\Users\kpn\Desktop\292274_10150795566827424_29158237423_9848374_2075640706_n.jpg
[2012/05/14 11:46:25 | 000,000,512 | ---- | C] () -- C:\Users\kpn\Desktop\MBR.dat
[2012/05/10 14:12:53 | 000,001,416 | ---- | C] () -- C:\Users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/10 11:41:32 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/10 11:41:14 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/05/09 19:46:52 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/09 19:46:52 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/09 19:46:52 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/09 19:46:52 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/09 19:46:52 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/07 23:59:55 | 000,001,113 | ---- | C] () -- C:\Users\kpn\Desktop\Continue Windows Essentials Codec Pack Installation.lnk
[2012/05/07 23:35:20 | 000,004,213 | ---- | C] () -- C:\Users\kpn\Desktop\Attach.zip
[2012/05/07 18:47:36 | 000,000,931 | ---- | C] () -- C:\Users\kpn\Desktop\NTREGOPT.lnk
[2012/05/07 18:42:49 | 000,001,111 | ---- | C] () -- C:\Users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/07 18:42:45 | 000,000,912 | ---- | C] () -- C:\Users\kpn\Desktop\ERUNT.lnk
[2012/05/07 14:44:09 | 002,107,470 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/04/30 17:39:44 | 000,906,894 | ---- | C] () -- C:\Users\kpn\Desktop\DuplicateCleaner_setup.exe
[2012/04/30 15:39:34 | 000,001,921 | ---- | C] () -- C:\Users\kpn\Desktop\DVD Flick.lnk
[2012/04/29 00:29:09 | 000,000,359 | ---- | C] () -- C:\Users\kpn\Desktop\Recycle Bin - Shortcut.lnk
[2012/04/28 11:37:51 | 000,257,345 | ---- | C] () -- C:\Users\kpn\Desktop\Raza_Access_Numbers.jpg
[2012/04/26 21:16:41 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2012/04/26 21:01:16 | 000,001,199 | ---- | C] () -- C:\Users\kpn\Desktop\IsoBuster.lnk
[2012/04/26 20:51:55 | 000,611,840 | ---- | C] () -- C:\windows\SysWow64\DVD43.dll
[2012/04/25 02:31:09 | 007,443,121 | ---- | C] () -- C:\Users\kpn\AppData\Local\census.cache
[2012/04/25 02:24:32 | 000,145,229 | ---- | C] () -- C:\Users\kpn\AppData\Local\ars.cache
[2012/04/24 21:36:33 | 000,000,036 | ---- | C] () -- C:\Users\kpn\AppData\Local\housecall.guid.cache
[2012/04/23 12:28:33 | 000,000,661 | ---- | C] () -- C:\Users\kpn\Documents\_TV-Release_Net_Young_Justice_S01E21_HDTV_XviD-2HD_avi.mht
[2012/04/22 23:49:12 | 000,000,046 | ---- | C] () -- C:\windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012/04/22 23:48:21 | 000,001,045 | ---- | C] () -- C:\Users\kpn\Desktop\URLSnooper 2.lnk
[2012/04/22 18:38:10 | 000,001,086 | ---- | C] () -- C:\Users\kpn\Desktop\SpywareBlaster.lnk
[2012/04/22 18:32:58 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 20:36:45 | 000,001,875 | ---- | C] () -- C:\Users\kpn\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2012/04/21 20:36:45 | 000,001,869 | ---- | C] () -- C:\Users\kpn\Desktop\Check PC For Errors.lnk
[2012/04/21 20:34:44 | 000,001,058 | ---- | C] () -- C:\Users\kpn\Desktop\Orbit.lnk
[2012/04/20 15:59:35 | 000,000,105 | ---- | C] () -- C:\Users\kpn\AppData\Roaming\FotoSketcher.ini
[2012/04/20 15:42:10 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\FotoSketcher.lnk
[2012/04/19 22:53:16 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/17 10:19:08 | 007,412,966 | ---- | C] () -- C:\Users\kpn\Desktop\IMG_7204.JPG
[2012/04/17 00:15:02 | 000,257,273 | ---- | C] () -- C:\Users\kpn\Desktop\g1.jpg
[2011/06/06 14:39:50 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\xmltok.dll
[2011/06/06 14:39:50 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\xmlparse.dll
[2011/04/19 10:59:03 | 000,001,123 | ---- | C] () -- C:\Users\kpn\AppData\Local\Images.fl
[2011/04/14 23:53:44 | 000,000,186 | ---- | C] () -- C:\Users\kpn\AppData\Roaming\wklnhst.dat
[2011/01/12 19:47:17 | 000,882,358 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/19 23:44:34 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2010/12/19 23:44:34 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2010/12/19 23:44:34 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2010/12/19 23:44:34 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2010/12/19 23:43:30 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2010/09/12 16:02:20 | 000,007,168 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2010/09/10 03:35:42 | 000,025,600 | ---- | C] () -- C:\Users\kpn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 16:20:32 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2010/09/02 00:53:48 | 000,108,032 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2010/07/29 06:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 06:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

========== Files - Unicode (All) ==========
[2011/06/02 18:32:24 | 000,000,017 | ---- | M] ()(C:\windows\SysWow64\?ú) -- C:\windows\SysWow64\ú
[2011/06/02 18:32:23 | 000,000,017 | ---- | C] ()(C:\windows\SysWow64\?ú) -- C:\windows\SysWow64\ú

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report

lantern_green
2012-05-16, 20:19
OTL Extras logfile created on: 5/16/2012 10:21:02 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\kpn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 63.88% Memory free
7.60 Gb Paging File | 5.44 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225.49 Gb Total Space | 89.19 Gb Free Space | 39.55% Space Free | Partition Type: NTFS
Drive K: | 228.17 Gb Total Space | 61.13 Gb Free Space | 26.79% Space Free | Partition Type: NTFS

Computer Name: KPN_TOSHIBA_II | User Name: kpn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030B6FF8-F37D-4F82-879E-E88FC4616853}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{08B74247-A80D-4A7B-AF3E-DCF9F25800B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{108D39A3-8F5B-4058-A18D-B57DF05CC4B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{17970655-344B-4048-A57B-19ED6365D52B}" = lport=1935 | protocol=6 | dir=in | name=broadcam video streaming server flash video server |
"{295C4B38-1997-4D2C-B87D-B05BDA50487A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4CF79848-8F87-4350-B5A7-9825BF1D6DDD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52008DBB-3884-4C5F-BB15-FC5847C1EBB8}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{7AA4E030-3383-40E6-881B-D5C8857B5190}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{83C06A92-6EA3-4CE7-BBCC-70A3F001F054}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8B070AD8-E3CF-4F4D-99A1-8EA324FD384A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F313C5E-5DB3-4D54-8757-F632D9F18142}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server |
"{A644A0D2-F4CD-42DF-918B-6FD726848CD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9165D6F-102F-419B-A461-EB3E353F628A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9B2AFFE-1C25-4675-A133-1BD5883B9965}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB24823B-F81A-44EB-B2BE-9AD9C6BA961E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DCC583E8-53AE-4ECC-8BE7-1AB76FFCA55D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E3BAD5C3-0E0C-4386-830D-2064CC89A7B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F79323C6-2CC9-4D64-8895-9458C90CE65F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FE165F35-8A42-4143-A8DB-49983B42B1F4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1C6135-7B1A-4A81-A60E-64672A7C8F7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B2E928F-7F25-43B8-8008-C2FC3E24F58D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0E1CB168-D394-4A84-8E6D-24D20BF087A3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1DC52372-2A63-4677-8C1B-177D34974BA1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{22C71476-A870-44A1-9598-2F07FCAC5001}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{255FE6CF-71AE-4AD4-8A48-3B82738A6D39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{266F7C9E-A7AC-46AE-A277-5E84BAA52D46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A7D780E-0537-441E-BC3C-475741B07B79}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{319AAA1A-8D8E-44FC-9A25-45388E14BFAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{385A0A36-E3D4-4547-B48E-F4AA30634B7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F5E9883-9F0F-4054-B9BD-0249A3665D33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4074487D-DAB7-4B4C-8F00-90C0D3EB6260}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{41B3BFDB-0344-4F9D-BC88-911FA34E9F79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{44E8FDE4-A4BE-47B4-8D98-752A51E435F2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45D58A23-DBDF-4B28-9D86-AFBA41AE45DD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{534939B4-4656-4B05-AE75-4A11651D925E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5539EA80-4B2A-498E-9E3F-D34D59FEF875}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A2F6F84-6C30-426B-A525-6665F990AE65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{5C0DCA03-553B-40D7-AA36-9EA9BB761BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5FCD984F-7905-4C41-BF60-0AB7BD17708F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{616CE81F-ED12-4E3B-8C0D-DBC471EFC169}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{666AF885-2215-41F2-B5D7-D689B798ADF2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6713CE7B-33E5-4036-BD60-769A09FEBF11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{689A79CB-6F9D-4320-B832-CC7BDEA96483}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6BDBA150-6A46-4227-A566-F1B8052FC0B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6CE1D8B7-7824-4195-9FB9-88D8E803C176}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{703B4EF9-E8D1-475E-8EB8-A0AC27B99505}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{71D2E15B-BA93-4603-82A1-FD5994A4924E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{741516BF-1A17-49BA-9FA8-78FC11B28D9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7419613D-462D-433B-AD23-44626B41C194}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{763CA454-A546-48D4-AE69-033ED07706FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7696A75B-FC8F-4D5D-94AD-4C836EF59A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{76FEEBD2-89E9-44B6-9392-973BA950AA20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7BCA6F1C-F30A-4336-885D-5509D946309D}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{7D9D8BDD-B3DE-461C-AD19-DEC616E01652}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{806508DC-8630-4049-8167-D1E196FC41FC}" = protocol=6 | dir=out | app=system |
"{8333802E-0D62-4935-A118-F4607D3F0227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{84F16681-4398-4C26-A075-C1122DF57E13}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{89183D8B-D2B8-48B3-AAA2-DA647B531288}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{896B9329-9869-4128-BC0E-F3F786D1E6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{8FF58026-CA9E-432D-ACFF-9888BFDB0BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{900FFA41-B7FB-4F7F-BFB4-23DDFC19C46A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9ED9275E-3884-43D5-BFE4-0F90F9386309}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{A1FAF842-6A9D-422B-82C6-C6736FA9292B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{A31152F0-4C39-4B9B-BE3A-48B0183E1D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A44E5831-40CE-4A4A-98F2-AB8CB8C13CDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5B78668-AAA5-4361-8909-6E92763B4C03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A5DCEE00-3B38-4B22-BF17-2554E1AB89D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{A8E08DD6-87D2-44A2-A1CC-632D9E0C56BF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{ADF8A6B7-9B52-4538-B259-95C4F46E3ADE}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{AE4F0352-58C1-4236-94AD-823FB17A035D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{AE5CB165-953A-49AE-9B92-6E7BCFBED3AC}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{B31CEB73-8E12-4341-9D09-4172D279BE29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B33ED6CF-B6EF-4CA5-8931-35C7D06E75AA}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{BB78BA93-053E-4B16-B5AE-FCBED75F3B22}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C3345CA3-4BBD-442F-9750-CC6A2679CAFF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{C50E6D88-F836-4D42-927D-46FE88929010}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C7DA807E-6B2B-473A-93D3-4F6FBBE30C62}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C8A01060-2E56-4DC4-90D7-4CAFB1448D20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D2628334-5C13-4C7C-A95C-0B09244AE9E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D28AA409-C076-4278-BE28-AB406788CC07}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4FE4008-DC82-47F4-9723-36895C36AA5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{D60820F7-FB0B-46A3-9076-E6F0D9DDD3B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{D930F61B-FE4B-400F-8D73-CB6336F7A0CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9948039-9272-4985-ACFB-68E636DA5CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E4DD3A31-1BF8-45FF-9B32-5FAFA664FD8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{E99E9EA7-EB9B-42A9-9713-E0D303A5B84A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{E9F2812A-D952-42A1-A645-BE81F0C57401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F588D1D6-1782-4DA8-83DE-3302B8665959}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F80C8D14-7299-4862-A537-6D204CA5E1DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8AB3684-C96E-419B-B749-7CCD708B75D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{F972F1FF-51BE-4FD3-9AC0-1EC79C358907}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{FA618F0F-2B00-4706-823B-E636FAEEC76F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{FD4A6F32-B6D2-45E0-8609-4DC0482D2A1D}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"TCP Query User{206421A9-CACE-4EE2-9957-0E1DA5FFABC4}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe |
"TCP Query User{4C1CAC55-3C16-4C3A-BD6D-D4E909DB230A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7183AF0B-DDF5-484A-B23E-947A57D785EF}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7CA9B977-A9A9-4D17-BD41-7F98A09F35DB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{9DEE31F1-76B5-4CA8-BF59-CA1A20B692F6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{A3997EF4-C815-4EA4-8837-CC8B63EC60EA}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{DB0D5650-EDC3-4B11-B716-E0DBBBFC6A90}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{EB80E08B-9FE1-4C1E-80DE-451654075C05}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{5C9996F5-8B4F-465B-A6A8-6603EA4F32A7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5DF57735-B278-4821-893C-38D96D738EB8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{6103A1BF-F291-415D-8BE3-F9CD35839CA8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{68D47380-5D16-43AA-BD06-1F86BEE9FE0A}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{6BF97C3E-CA2F-4791-BC13-944BB09FAA19}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe |
"UDP Query User{9DF406B0-538F-479D-B73E-CBAD782390A6}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{A32B15A7-1AB1-45DF-83BD-0924832153A5}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{F32A4F6D-5DD4-493C-8474-17D8E760CE41}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0916-000001000000}" = 7-Zip 9.16 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{AB67B5F9-B19A-42F4-A57D-46114D71060E}" = Intel(R) PROSet/Wireless WiFi Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}" = Microsoft SQL Server 2008 Native Client
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Airytec Switch Off" = Airytec Switch Off
"ARO 2012_is1" = ARO 2012
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38FA7EE0-0222-4F98-9464-A084C15744B0}" = Daily Alarm Clock
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{706AE61D-40A4-4F50-8359-FE8F6F7FA461}" = Acronis Drive Monitor
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.6
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4879FAF-1A81-4189-91FB-9D2109EB49B4}" = MovieTracer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B3618069-84A2-4767-9855-463C971C1959}" = ASUS RT-N10 Wireless Router Utilities
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB5F1FBF-57DB-4E22-83B0-FEC53C389762}" = YouTube Downloader Toolbar v5.6
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 2.30
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Avi Previewer DEMO_is1" = Avi Previewer 2.31 DEMO
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX Setup
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"DVDStyler_is1" = DVDStyler v1.8.1
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.60
"Free Sound Recorder_is1" = Free Sound Recorder v9.2.7
"GOM Player" = GOM Player
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IsoBuster_is1" = IsoBuster 3.0
"Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Media Cope_is1" = Media Cope 1.0.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Moo0 SystemMonitor" = Moo0 SystemMonitor 1.59
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Notepad++" = Notepad++
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PhotoPerfect Express_is1" = PhotoPerfect Express 1.00
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Reliance Netconnect - Broadband+" = Reliance Netconnect - Broadband+
"Sacred Underworld_is1" = Sacred Underworld
"SoundTap" = SoundTap Streaming Audio Recorder
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"sscrLE_is1" = Cryptainer LE
"Steam App 24980" = Mass Effect 2
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Tata Photon+" = Tata Photon+
"Unlocker" = Unlocker 1.9.0
"URLSnooper 2_is1" = URL Snooper v2.29.01
"VideoPad" = VideoPad Video Editor
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wondershare DVD Slideshow Builder Free_is1" = Wondershare DVD Slideshow Builder Free(Build 6.0.2.27)
"Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 1.0.11.3)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2012 5:04:57 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2527

Error - 5/16/2012 5:04:59 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2012 5:04:59 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5039

Error - 5/16/2012 5:04:59 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

Error - 5/16/2012 5:05:02 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2012 5:05:02 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7862

Error - 5/16/2012 5:05:02 AM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7862

Error - 5/16/2012 12:19:36 PM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2012 12:19:36 PM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2589

Error - 5/16/2012 12:19:36 PM | Computer Name = kpn_Toshiba_II | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2589

[ Media Center Events ]
Error - 12/20/2011 11:51:53 PM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 9:21:53 AM - Error connecting to the internet. 9:21:53 AM - Unable
to contact server..

Error - 12/20/2011 11:52:08 PM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 9:21:59 AM - Error connecting to the internet. 9:21:59 AM - Unable
to contact server..

Error - 12/28/2011 11:06:28 AM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 8:36:27 PM - Error connecting to the internet. 8:36:28 PM - Unable
to contact server..

Error - 12/28/2011 11:06:47 AM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 8:36:33 PM - Error connecting to the internet. 8:36:33 PM - Unable
to contact server..

Error - 12/30/2011 10:44:54 PM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 8:14:54 AM - Error connecting to the internet. 8:14:54 AM - Unable
to contact server..

Error - 12/30/2011 10:45:37 PM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 8:14:59 AM - Error connecting to the internet. 8:14:59 AM - Unable
to contact server..

Error - 1/2/2012 12:51:22 AM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 10:21:22 AM - Error connecting to the internet. 10:21:22 AM - Unable
to contact server..

Error - 1/2/2012 12:51:36 AM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 10:21:28 AM - Error connecting to the internet. 10:21:28 AM - Unable
to contact server..

Error - 1/3/2012 12:54:36 PM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 10:24:36 PM - Error connecting to the internet. 10:24:36 PM - Unable
to contact server..

Error - 1/3/2012 12:54:55 PM | Computer Name = kpn_Toshiba_II | Source = MCUpdate | ID = 0
Description = 10:24:42 PM - Error connecting to the internet. 10:24:42 PM - Unable
to contact server..

[ System Events ]
Error - 5/9/2012 11:25:10 PM | Computer Name = kpn_Toshiba_II | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/9/2012 11:25:12 PM | Computer Name = kpn_Toshiba_II | Source = DCOM | ID = 10010
Description =

Error - 5/9/2012 11:26:49 PM | Computer Name = kpn_Toshiba_II | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 5/9/2012 11:49:36 PM | Computer Name = kpn_Toshiba_II | Source = DCOM | ID = 10010
Description =

Error - 5/11/2012 2:26:09 PM | Computer Name = kpn_Toshiba_II | Source = Application Popup | ID = 1060
Description = \??\C:\downloads\unlocker1.9.0-portable\x86\UnlockerDriver5.sys has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/11/2012 2:26:09 PM | Computer Name = kpn_Toshiba_II | Source = Application Popup | ID = 1060
Description = \??\C:\downloads\unlocker1.9.0-portable\x86\UnlockerDriver5.sys has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/11/2012 2:29:46 PM | Computer Name = kpn_Toshiba_II | Source = Application Popup | ID = 1060
Description = \??\C:\downloads\unlocker1.9.0-portable\x86\UnlockerDriver5.sys has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/11/2012 2:29:47 PM | Computer Name = kpn_Toshiba_II | Source = Application Popup | ID = 1060
Description = \??\C:\downloads\unlocker1.9.0-portable\x86\UnlockerDriver5.sys has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/15/2012 7:19:29 PM | Computer Name = kpn_Toshiba_II | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 5/15/2012 7:19:29 PM | Computer Name = kpn_Toshiba_II | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053


< End of report >

Blade81
2012-05-16, 21:15
Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
C:\Program Files (x86)\Common Files\Spigot
DirLook::
C:\Program Files (x86)\Application Updater
C:\Users\kpn\AppData\Local\{7D45108C-9B76-4A0B-80EF-5C964723E039}
C:\Users\kpn\AppData\Local\{5E343AB7-0367-4381-982B-2999EE6895BF}
C:\Users\kpn\AppData\Local\{33BC3F30-A221-4416-B869-77410CCF67A7}
Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SearchSettings"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 3 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.


Run ESET Online scanner that you seem to have installed there.

Post back its report, a fresh otl.txt log and above mentioned ComboFix resultant log.
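
The Java check described in the post above can be run against the uninstall list of a log like this one. This is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, the sample entries are constructed from lines in the log above, and the baseline of JRE 7 Update 3 is the version the post names.

```python
import re
from typing import NamedTuple

# Constructed sample: a few entries in the uninstall-list format of the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
'''

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<key>[^"]*)" = (?P<name>.*)$')
# Matches display names such as "Java(TM) 6 Update 29" or "Java 7 Update 3";
# "Java Auto Updater" carries no version number and is skipped.
JAVA_RE = re.compile(r'^Java(?:\(TM\))? (?P<major>\d+)(?: Update (?P<update>\d+))?')


class Entry(NamedTuple):
    section: str
    key: str
    name: str


class JavaInstall(NamedTuple):
    major: int
    update: int
    name: str


def parse_uninstall_list(text):
    """Return every "key" = name pair found under an ...\\Uninstall registry header."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Only Uninstall keys use this format; other sections are ignored.
            path = header.group(1)
            section = path if path.lower().endswith('\\uninstall') else None
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append(Entry(section, entry['key'], entry['name']))
    return entries


def stale_java(entries, baseline=(7, 3)):
    """Return Java installs older than baseline (major, update), oldest first."""
    found = []
    for e in entries:
        m = JAVA_RE.match(e.name)
        if not m:
            continue
        version = (int(m['major']), int(m['update'] or 0))
        if version < baseline:
            found.append(JavaInstall(version[0], version[1], e.name))
    return sorted(found)


if __name__ == '__main__':
    for item in stale_java(parse_uninstall_list(SAMPLE_LOG)):
        print(f'remove before updating: {item.name}')
```

Two side-by-side JRE 6 entries, as in this log, mean the older runtime stays on disk after an update unless it is uninstalled separately, which is why the post asks for every old version to be removed first.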

Blade81
2012-05-26, 15:53
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.