Hello I recently had some help in r/o



renparenp
2012-08-12, 23:44
the Spybot section and am hoping I have the Babylon and About Blank issues solved; however, could you take a look at my DDS and aswMBR to see if it's indeed solved or if there are any other issues? Much Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Karen at 10:30:11 on 2012-08-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.274 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {9E41E4C4-8C5C-4758-BBDC-30B04F93A23C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [POEngine5]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
TCP: Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6} : DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-2 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-9-8 809296]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-11 20:38:29 -------- d-----w- c:\users\karen\appdata\local\CRE
2012-07-17 21:32:25 -------- d-----w- c:\program files\Oracle
2012-07-17 21:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 08:28:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-05 08:28:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 10:33:06.27 ===============



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-11 21:46:04
-----------------------------
21:46:04.049 OS Version: Windows 6.0.6002 Service Pack 2
21:46:04.049 Number of processors: 2 586 0xF02
21:46:04.049 ComputerName: KAREN-PC UserName: Karen
21:46:10.304 Initialize success
21:48:00.759 AVAST engine defs: 12081101
21:48:04.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:04.456 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
21:48:04.488 Disk 0 MBR read successfully
21:48:04.488 Disk 0 MBR scan
21:48:04.628 Disk 0 Windows VISTA default MBR code
21:48:04.644 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:48:04.659 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140886 MB offset 3074048
21:48:04.706 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10240 MB offset 291608576
21:48:04.737 Disk 0 scanning sectors +312580096
21:48:04.878 Disk 0 scanning C:\Windows\system32\drivers
21:48:31.928 Service scanning
21:49:11.786 Modules scanning
21:49:22.051 Disk 0 trace - called modules:
21:49:22.082 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:49:22.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bb7ac8]
21:49:22.082 3 CLASSPNP.SYS[8689e8b3] -> nt!IofCallDriver -> [0x843ff918]
21:49:22.082 5 acpi.sys[862426bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x843e1030]
21:49:23.814 AVAST engine scan C:\Windows
21:49:28.072 AVAST engine scan C:\Windows\system32
21:55:32.771 AVAST engine scan C:\Windows\system32\drivers
21:55:53.878 AVAST engine scan C:\Users\Karen
22:00:24.865 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Documents\MBR.dat"
22:00:24.896 The log file has been saved successfully to "C:\Users\Karen\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-12 10:02:47
-----------------------------
10:02:47.927 OS Version: Windows 6.0.6002 Service Pack 2
10:02:47.927 Number of processors: 2 586 0xF02
10:02:47.927 ComputerName: KAREN-PC UserName: Karen
10:03:32.278 Initialize success
10:03:50.561 AVAST engine defs: 12081101
10:03:57.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:03:57.238 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
10:03:57.254 Disk 0 MBR read successfully
10:03:57.269 Disk 0 MBR scan
10:03:57.363 Disk 0 Windows VISTA default MBR code
10:03:57.394 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:03:57.410 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140886 MB offset 3074048
10:03:57.456 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10240 MB offset 291608576
10:03:57.488 Disk 0 scanning sectors +312580096
10:03:57.706 Disk 0 scanning C:\Windows\system32\drivers
10:04:21.278 Service scanning
10:05:07.594 Modules scanning
10:05:19.824 Disk 0 trace - called modules:
10:05:19.871 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:05:19.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bb6ac8]
10:05:19.887 3 CLASSPNP.SYS[8649a8b3] -> nt!IofCallDriver -> [0x843df550]
10:05:19.887 5 acpi.sys[826496bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x843fa030]
10:05:21.915 AVAST engine scan C:\Windows
10:05:26.330 AVAST engine scan C:\Windows\system32
10:09:30.548 AVAST engine scan C:\Windows\system32\drivers
10:09:54.057 AVAST engine scan C:\Users\Karen
10:29:31.794 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Documents\MBR.dat"
10:29:31.872 The log file has been saved successfully to "C:\Users\Karen\Documents\aswMBR.txt"

It's still here (Babylon). It doesn't come up with Ad-Aware but it's still coming up on my toolbar and search. Any help appreciated. Thanks
Karen.

Sorry I meant Spybot.

ken545
2012-08-16, 00:07
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please







Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

renparenp
2012-08-16, 23:24
There were no threats found on the Malwarebytes when scanned as administrator.
No threats found on the ESET scan either.
I am also reposting my DDS and aswMBR because I have done Windows updates and they appear different now.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Karen at 20:12:43 on 2012-08-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.169 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\ssv.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
TCP: Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6} : DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-2 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-9-8 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-15 00:36:32 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20:18 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59:04 -------- d-----w- c:\users\karen\appdata\roaming\AVG
2012-08-14 03:18:50 -------- d-----w- c:\users\karen\appdata\local\Apps
2012-08-14 03:12:14 -------- d-----w- c:\users\karen\appdata\local\MigWiz
2012-08-11 20:38:29 -------- d-----w- c:\users\karen\appdata\local\CRE
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-07-17 21:32:25 -------- d-----w- c:\program files\Oracle
2012-07-17 21:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-08-14 21:44:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 21:44:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 20:16:37.49 ===============



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 20:23:26
-----------------------------
20:23:26.292 OS Version: Windows 6.0.6002 Service Pack 2
20:23:26.292 Number of processors: 2 586 0xF02
20:23:26.292 ComputerName: KAREN-PC UserName: Karen
20:23:40.316 Initialize success
20:25:05.859 AVAST engine defs: 12081401
20:25:09.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:25:09.208 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
20:25:09.239 Disk 0 MBR read successfully
20:25:09.239 Disk 0 MBR scan
20:25:09.364 Disk 0 Windows VISTA default MBR code
20:25:09.379 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:25:09.395 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140886 MB offset 3074048
20:25:09.442 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10240 MB offset 291608576
20:25:09.473 Disk 0 scanning sectors +312580096
20:25:09.691 Disk 0 scanning C:\Windows\system32\drivers
20:25:44.423 Service scanning
20:26:24.162 Modules scanning
20:26:37.423 Disk 0 trace - called modules:
20:26:37.442 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:26:37.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bb6ac8]
20:26:37.445 3 CLASSPNP.SYS[868a18b3] -> nt!IofCallDriver -> [0x84400878]
20:26:37.445 5 acpi.sys[862456bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x843fe030]
20:26:39.114 AVAST engine scan C:\Windows
20:26:47.471 AVAST engine scan C:\Windows\system32
20:32:13.022 AVAST engine scan C:\Windows\system32\drivers
20:32:33.257 AVAST engine scan C:\Users\Karen
20:36:29.090 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Desktop\MBR.dat"
20:36:29.121 The log file has been saved successfully to "C:\Users\Karen\Desktop\aswMBR.txt"

There were no threats found with Malwarebytes when I ran it as administrator.
No threats found on EST scan.

ken545
2012-08-17, 00:01
Logs look fine,

You can run this quick scanner and post the log, and we can use it to clean you up some.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

renparenp
2012-08-17, 01:06
OTL Extras logfile created on: 16/08/2012 2:41:25 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 471.40 Mb Available Physical Memory | 46.52% Memory free
2.23 Gb Paging File | 0.91 Gb Available in Paging File | 40.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 15.01 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105349C1-0DF5-4F23-B8E5-A25BA0C3AD99}" = rport=139 | protocol=6 | dir=out | app=system |
"{23C03F00-485E-4B30-901D-1721449A043D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{270D0449-35AE-468F-95AD-BE39AE069C00}" = lport=138 | protocol=17 | dir=in | app=system |
"{36553287-31AA-46DF-829F-CF9D5B98D1B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{37A20DE8-C155-4175-9297-56621EAB7FE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{473E45D5-85A2-4D56-92D7-2CC6121B432F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{47AFE207-4C35-4B33-9AF5-D1656CD1604B}" = rport=137 | protocol=17 | dir=out | app=system |
"{79FC19AB-9A36-45C3-A0D5-1E0A2A35A856}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CFAD557-2F17-483A-8791-25E41FB6D5E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{7EAD7A08-FC80-4BED-A21B-3D35A6807D23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0860CC3-1193-4250-9571-D688C2B5F7E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{ADECA176-471E-4423-B455-62B649DB6078}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9F8B451-8E1D-4689-92B7-BE1F4F3CBF35}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6A73625-E520-4983-8492-AD3A13B62D84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D91974C0-EFAE-4826-B6B2-7F5856C50202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03806A66-7C4D-46E9-BE2D-C005FE4C8AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A69EA76-511A-4494-A3A9-7BE4ECEF8532}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1344CF4E-4796-49CE-858D-8390F08D637C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3004DA26-F629-46CA-AA59-2C382F656EAA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{35D371FE-CF52-409E-BC44-32B9A1DE0060}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3A8E9964-3D4A-4386-B5A3-E9D3BCC57EB3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3CA44EEB-0579-438C-9118-A8F0DC288C55}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{434223CE-4F33-4AD0-86B0-091617D11111}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{5A11302B-FDAF-4076-8BD1-7F1F0A28BC81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E5ED51E-DCE3-45BA-A867-49C8BDA90D6B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{64B74BF1-709C-45D7-BAE0-5641884C5572}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77FA1978-84E2-41F2-A950-F1FEC2EF5FE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8072C338-7F4A-4314-9B7F-C67316B8DA85}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9B2F1FC4-B4ED-46D4-A105-759FAB542092}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AB2BFE24-B2ED-4E42-B7D4-1926572F3355}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF11CE5D-A5D9-40E0-BA92-08A798401640}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D29D57D9-F005-4C26-8DFF-6A50AF208FBB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8203CEB-C9FF-43FB-9F59-390251F02B2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{E84D8DF3-B1BE-4598-8E95-670A94D029FD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F1DC7F97-CE7E-4C1D-B987-DD1D19190EF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F76828B2-E6AA-4771-BBF6-7E7C7A8E8E81}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F80E4247-0325-41C9-BEFD-092A35ABE2F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E41E4C4-8C5C-4758-BBDC-30B04F93A23C}" = Mirar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"GoFTP_is1" = GoFTP v2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Poker PlayNow.com" = Poker PlayNow.com
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/08/2012 5:55:54 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e94 Start Time: 01cd780ae3f41f6d Termination Time: 7722

Error - 11/08/2012 6:04:48 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1408 Start Time: 01cd780c5e2d0b1d Termination Time: 12605

Error - 11/08/2012 10:41:31 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14c8 Start Time: 01cd7833ab103aa4 Termination Time: 78

Error - 12/08/2012 12:33:20 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1770 Start Time: 01cd78a570bc0680 Termination Time: 118

Error - 12/08/2012 2:39:03 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cbc Start Time: 01cd78b99f4910c3 Termination Time: 28

Error - 13/08/2012 1:28:48 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xc0000005, fault offset 0x0003fc56, process id 0x674, application
start time 0x01cd78d0976f5d23.

Error - 13/08/2012 6:18:51 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2fc0 Start Time: 01cd79a058007a93 Termination Time: 78

Error - 14/08/2012 1:09:25 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000081, process id 0x2d88, application start time
0x01cd79c427343863.

Error - 14/08/2012 5:10:27 PM | Computer Name = Karen-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Failed to get state for bits job HResult:
0x80080008.

Error - 14/08/2012 9:56:23 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ed4 Start Time: 01cd7a890a85b353 Termination Time: 15

Error - 16/08/2012 3:31:52 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b44 Start Time: 01cd7be5b0ace2d9 Termination Time: 150

[ Media Center Events ]
Error - 16/04/2008 2:26:10 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 01/10/2008 1:38:44 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/11/2008 1:22:06 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/01/2009 11:46:54 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/01/2009 8:53:52 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/03/2009 1:14:12 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 10:46:26 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/05/2009 11:38:43 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/06/2009 3:42:09 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 08/05/2010 2:51:58 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 15/07/2009 8:01:34 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:02:14 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:04:26 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/09/2009 8:39:57 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/08/2012 5:04:01 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10005
Description =

Error - 14/08/2012 5:04:01 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 14/08/2012 5:04:01 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/08/2012 5:08:21 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 14/08/2012 5:09:23 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 14/08/2012 5:09:56 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 14/08/2012 8:49:19 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 14/08/2012 10:50:39 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 15/08/2012 1:30:01 AM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 15/08/2012 2:02:56 AM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =


< End of report >


OTL logfile created on: 16/08/2012 2:41:25 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 471.40 Mb Available Physical Memory | 46.52% Memory free
2.23 Gb Paging File | 0.91 Gb Available in Paging File | 40.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 15.01 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 69 60 70 92 79 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/28 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/28 08:17:32 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/12 22:29:44 | 000,262,913 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9121 more lines...
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 10:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 14:35:45 | 000,000,520 | ---- | M] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/16 14:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 13:05:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 13:05:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 22:06:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 17:48:59 | 103,922,008 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/14 23:05:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | M] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | M] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:57:16 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 09:24:05 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 22:29:44 | 000,262,913 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2012/07/27 22:39:55 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 14:35:45 | 000,000,520 | ---- | C] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | C] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | C] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/02/07 23:35:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Local
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/14 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/14 23:03:49 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

ken545
2012-08-17, 01:32
A few entries need to go including one from Babylon.

After you run the fix and post the report, also let me know how you feel your system is behaving now.




Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

renparenp
2012-08-17, 02:03
through fixing.
I had to shut down.
I now have 3 Sronclarke word document icons on my desktop. I also have
2 utility icons.
How should I proceed?
Thanks for your help.

ken545
2012-08-17, 04:17
Not sure what you're referring to, can you be more specific? Can you post the results of the fix log please?

renparenp
2012-08-17, 05:10
was that when I clicked the Run Fix button of OTL it ran for about a minute then froze. It said "not responding" and I had to turn off my computer and reboot.
I tried several times.

renparenp
2012-08-17, 05:11
it left the icons and there was no logfile.

ken545
2012-08-17, 13:45
ok, just delete them and run it the same way with this new script


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

renparenp
2012-08-17, 18:42
It ran for about 20 seconds and "not responding" came up at the top next to the OTL name.
Down at the bottom in the code box it stalled with only this left in it:
[emptytemp]
[start explorer]
[Reboot]

No icons were left on my desktop this time (I had deleted the other ones like you asked me to).
Should I have AVG temporarily disabled when I'm running OTL?
Thanks.

ken545
2012-08-17, 18:50
Yes, disable AVG and give it another shot. You may have an abundance of temp files that it is choking on, so run this cleaner first



Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean



use this new script


:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471

:Services

:Reg

:Files

:Commands
[emptytemp]
[start explorer]
[Reboot]

renparenp
2012-08-17, 19:27
when I ran it, it froze almost right away. I rebooted, went to internet options and deleted browsing history (temp files, cookies etc). Am I ok to disable AVG (this makes me a bit nervous) and try running OTL again?

ken545
2012-08-17, 19:50
Yes, you can just re-enable AVG after the fix

renparenp
2012-08-17, 20:09
by right clicking the Icon and chose disable until restart.
I tried to run OTL but it froze as before at the same spot.
I rebooted, made sure AVG was enabled again and here I am now.
Thanks for your patience.

ken545
2012-08-17, 21:11
Not a problem, thanks for hanging in with me,

Let's do this instead and make sure that something is not hiding and preventing fixes from working


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

renparenp
2012-08-17, 22:09
ComboFix 12-08-17.03 - Karen 17/08/2012 11:34:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.250 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karen\AppData\Roaming\Local
c:\windows\security\Database\tmp.edb
c:\windows\system32\SET6602.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 18:49 . 2012-08-17 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 22:44 . 2012-08-16 22:44 -------- d-----w- C:\_OTL
2012-08-15 02:41 . 2012-08-15 02:42 -------- d-----w- c:\program files\ERUNT
2012-08-15 00:36 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59 . 2012-08-14 17:02 -------- d-----w- c:\users\Karen\AppData\Roaming\AVG
2012-08-14 03:18 . 2012-08-14 03:18 -------- d-----w- c:\users\Karen\AppData\Local\Apps
2012-08-14 03:12 . 2012-08-14 03:12 -------- d-----w- c:\users\Karen\AppData\Local\MigWiz
2012-08-11 20:38 . 2012-08-11 20:38 -------- d-----w- c:\users\Karen\AppData\Local\CRE
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:44 . 2012-04-21 00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:44 . 2011-06-14 04:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-07-17 21:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 05:06 . 2010-06-20 01:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-01-09 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:47 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-27 07:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 07:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 07:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 07:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 07:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-27 07:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 14:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:47 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:44]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 11:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????'m?R+???? 9?? 9???9?(?9?H?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-17 11:56:04
ComboFix-quarantined-files.txt 2012-08-17 18:55
.
Pre-Run: 15,177,019,392 bytes free
Post-Run: 15,176,880,128 bytes free
.
- - End Of File - - 4CECF297E613F1FE920D9776BDDC6BD9

ken545
2012-08-17, 23:01
Good,

What I would like you to do first is back up your registry with ERUNT. I see you have it set to back up on startup, so reboot and let it make a backup; if not, run it and create a new backup.




Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::




Registry::
[-HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}]
[-HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.




Then run a new scan with OTL (not the fix) and post a new log, and let's see if they're gone
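
One way to check a fresh OTL scan for the search scopes targeted above, as an added example that is not part of the original post and not code from OTL or ComboFix. The function names and the sample log are constructed for illustration; the host list comes from the fix script in this thread, and the check assumes every scope key in a hive shows up in the log as a "URL" line.

```python
import re
from urllib.parse import urlsplit

# Hosts of the search providers listed in the fix script in this thread.
TARGET_HOSTS = {
    "www.mirarsearch.com",
    "search.babylon.com",
    "search.conduit.com",
    "websearch.ask.com",
}

# OTL "IE -" lines as they appear in this thread:
#   IE - HKLM\..\SearchScopes,DefaultScope = {GUID}
#   IE - HKCU\..\SearchScopes\{GUID}: "URL" = http://...
DEFAULT_RE = re.compile(r'^IE - (HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope = (.*)$')
SCOPE_RE = re.compile(
    r'^IE - (HKLM|HKCU)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]{36}\}): "URL" = (\S*)'
)


def parse_search_scopes(log_text):
    """Return {hive: {"default": GUID or None, "scopes": {GUID: url}}}.

    GUIDs are upper-cased because the registry treats key names
    case-insensitively and the logs mix upper and lower case hex digits.
    """
    hives = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DEFAULT_RE.match(line)
        if m:
            entry = hives.setdefault(m.group(1), {"default": None, "scopes": {}})
            entry["default"] = m.group(2).strip().upper() or None
            continue
        m = SCOPE_RE.match(line)
        if m:
            entry = hives.setdefault(m.group(1), {"default": None, "scopes": {}})
            entry["scopes"][m.group(2).upper()] = m.group(3)
    return hives


def audit_search_scopes(log_text, target_hosts=TARGET_HOSTS):
    """List what is left to clean up after the SearchScopes keys were removed.

    leftover_scope   : a scope whose URL host is one of the targeted providers
    dangling_default : DefaultScope names a GUID with no scope key in that hive
                       (assumption: the log lists every scope key of the hive)
    """
    findings = []
    for hive, entry in sorted(parse_search_scopes(log_text).items()):
        for guid, url in sorted(entry["scopes"].items()):
            host = (urlsplit(url).hostname or "").lower()
            if host in target_hosts:
                findings.append(("leftover_scope", hive, guid, host))
        default = entry["default"]
        if default and default not in entry["scopes"]:
            findings.append(("dangling_default", hive, default, None))
    return findings


# Constructed sample in the format of the OTL lines quoted in this thread:
# one leftover provider in HKCU and an HKLM default that points at a removed key.
SAMPLE_LOG = r'''
========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
'''

if __name__ == "__main__":
    for kind, hive, guid, host in audit_search_scopes(SAMPLE_LOG):
        print(kind, hive, guid, host or "")
```

An empty result means none of the targeted providers remain and each DefaultScope resolves to a listed scope.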

renparenp
2012-08-18, 00:22
ComboFix 12-08-17.03 - Karen 17/08/2012 13:40:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.362 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 20:58 . 2012-08-17 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 22:44 . 2012-08-16 22:44 -------- d-----w- C:\_OTL
2012-08-15 02:41 . 2012-08-15 02:42 -------- d-----w- c:\program files\ERUNT
2012-08-15 00:36 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59 . 2012-08-14 17:02 -------- d-----w- c:\users\Karen\AppData\Roaming\AVG
2012-08-14 03:18 . 2012-08-14 03:18 -------- d-----w- c:\users\Karen\AppData\Local\Apps
2012-08-14 03:12 . 2012-08-14 03:12 -------- d-----w- c:\users\Karen\AppData\Local\MigWiz
2012-08-11 20:38 . 2012-08-11 20:38 -------- d-----w- c:\users\Karen\AppData\Local\CRE
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:44 . 2012-04-21 00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:44 . 2011-06-14 04:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-07-17 21:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 05:06 . 2010-06-20 01:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-01-09 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:47 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-27 07:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 07:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 07:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 07:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 07:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-27 07:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 14:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:47 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:44]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 13:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????'m?R+???? 9?? 9???9?(?9?H?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-17 14:05:06
ComboFix-quarantined-files.txt 2012-08-17 21:04
ComboFix2.txt 2012-08-17 18:56
.
Pre-Run: 15,030,415,360 bytes free
Post-Run: 14,992,470,016 bytes free
.
- - End Of File - - 7F4E52C3C0B560356AF5A3BABEECBCFE


OTL logfile created on: 17/08/2012 2:06:57 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 163.50 Mb Available Physical Memory | 16.13% Memory free
2.23 Gb Paging File | 1.04 Gb Available in Paging File | 46.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 14.02 Gb Free Space | 10.19% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ComboFix\PEV.exe ()
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\ComboFix\PEV.exe ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Karen\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 26 9B 55 AC 7C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/28 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/28 08:17:32 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/17 11:49:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 14:05:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/17 13:36:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/17 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/17 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/17 11:30:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 11:21:47 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:07:48 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/16 15:44:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 14:06:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 14:02:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 14:02:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:44:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 12:03:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 12:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 11:49:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 11:21:52 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:56:04 | 104,129,718 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/17 09:07:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/16 14:35:45 | 000,000,520 | ---- | M] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | M] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | M] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:57:16 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 09:24:05 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2012/07/27 22:39:55 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/17 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/17 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/17 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/17 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/16 14:35:45 | 000,000,520 | ---- | C] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | C] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | C] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/17 11:59:25 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/17 12:00:26 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ken545
2012-08-18, 01:01
This one didn't take, the rest are gone


Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::




Registry::
[-HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Again, scan with OTL and let me see a new log please

renparenp
2012-08-18, 02:01
I got a message saying OTL.exe directory name is invalid. I'm unsure what to do about that.
I did however get a combo fix log:
ComboFix 12-08-17.03 - Karen 17/08/2012 15:18:41.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.268 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 22:40 . 2012-08-17 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 22:44 . 2012-08-16 22:44 -------- d-----w- C:\_OTL
2012-08-15 02:41 . 2012-08-15 02:42 -------- d-----w- c:\program files\ERUNT
2012-08-15 00:36 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59 . 2012-08-14 17:02 -------- d-----w- c:\users\Karen\AppData\Roaming\AVG
2012-08-14 03:18 . 2012-08-14 03:18 -------- d-----w- c:\users\Karen\AppData\Local\Apps
2012-08-14 03:12 . 2012-08-14 03:12 -------- d-----w- c:\users\Karen\AppData\Local\MigWiz
2012-08-11 20:38 . 2012-08-11 20:38 -------- d-----w- c:\users\Karen\AppData\Local\CRE
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:44 . 2012-04-21 00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:44 . 2011-06-14 04:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-07-17 21:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 05:06 . 2010-06-20 01:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-01-09 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:47 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-27 07:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 07:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 07:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 07:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 07:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-27 07:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 14:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:47 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:44]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 15:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????'m?R+???? 9?? 9???9?(?9?H?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-17 15:47:34
ComboFix-quarantined-files.txt 2012-08-17 22:47
ComboFix2.txt 2012-08-17 21:05
ComboFix3.txt 2012-08-17 18:56
.
Pre-Run: 14,905,798,656 bytes free
Post-Run: 14,872,195,072 bytes free
.
- - End Of File - - 68ADEB1A9DACC7BA8FE085ACD6940EB0

ken545
2012-08-18, 03:39
Do this: drag OTL to the trash and let's download an updated copy



OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

renparenp
2012-08-18, 04:22
When I go to run it I get the "otl.exe directory name is invalid" still. :confused:

ken545
2012-08-18, 04:28
Try this scanner instead

Download OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) by OldTimer to your Desktop.
Close any open browsers.
Double-click on OTS.exe to start the program.
Leave all settings as they appear as default, except for the following:
Under Drivers, select "All".
Under Additional Scans, click on the "Extra" button.

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the Reply button and attach the notepad file here (do not copy and paste in a reply, attach the file).

renparenp
2012-08-18, 04:51
Did with OTL.
I clicked the save to desktop (the icon is there). A warning came up saying it could harm my computer. I chose the allow anyway. When I clicked run I got the directory name invalid again.

ken545
2012-08-18, 04:58
After downloading either OTL or OTS, reboot your system and try it again


If a no go try this



Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/OTMdesktopicon.png icon on your desktop.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area.
Do not include the word "Code".



:Processes
explorer.exe

:Services

:Reg
Registry::
[-HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]

:Files



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/results.png line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

renparenp
2012-08-18, 05:49
(I didn't try OTS)
The Otl.txt came up but not the Extras.txt.
I have looked for it in the folder and it's not there. I did a search and found its shortcut at c users karen app data roaming microsoft windows but when I click, it says it's been changed or moved. I don't see it on the desktop or anywhere else. I'm not very experienced in this area but will keep looking. Please let me know if you can give me suggestions on where it is.

Here is the newest OTL log:
OTL logfile created on: 17/08/2012 7:10:36 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 195.58 Mb Available Physical Memory | 19.30% Memory free
2.23 Gb Paging File | 1.14 Gb Available in Paging File | 50.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 13.80 Gb Free Space | 10.03% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Karen\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C E3 1E 02 CD 7C CD 01 [binary data]
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/28 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/28 08:17:32 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/17 11:49:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-960491262-2195050847-907181488-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 19:06:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 19:02:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/17 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/17 15:14:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/17 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/17 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/17 11:30:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 11:21:47 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:07:48 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 19:07:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 19:06:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 19:06:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 19:06:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 19:02:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/17 18:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 18:06:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 17:08:10 | 104,175,320 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/17 11:49:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 11:21:52 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:07:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | M] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | M] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:57:16 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 09:24:05 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2012/07/27 22:39:55 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/17 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/17 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/17 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/17 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | C] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | C] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/17 19:02:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/17 19:04:08 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ken545
2012-08-18, 14:16
Good Morning,

You have done well, those entries are gone. They were just leftovers but were related to Mirasearch and Babylon. Don't fret over the extras log, OTL just creates one on the first run and none after that so you won't find it.

How are things running now?

renparenp
2012-08-18, 18:47
I can't thank you enough!
I'm so glad to be rid of Babylon especially.
Is it ok for me to now remove dds, otl, combofix? Is there a good way of doing so? Should I make a new restore point once I have?
*One note: After I sent the last otl.exe log and couldn't find the extras (which I now know wouldn't be there) I tried to save OTM file and got a security warning from AVG. I'm pretty sure it was disabled but it said it was a backdoor trojan so I didn't allow it and I see it was quarantined. Not sure if that matters but thought I should mention it.

ken545
2012-08-18, 19:25
Hi,

So glad things are running well for you again, helping you has been my pleasure.

When you run OTL, you will just get the extras log on the first run and none on any other runs.

Some Antivirus programs sometimes flag our tools as a trojan, but any tools you're asked to run in our removal forums are safe to run, remember we are here to help you clean your system, not infect it.




Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

renparenp
2012-08-18, 19:57
up as toolbar so I'm not sure if I should go ahead with the combofix uninstall and cleanup yet.
I had just been on facebook when it switched to about blank.
What should I do now?
Thanks so much.

ken545
2012-08-18, 20:37
Go ahead with the clean up, we will just download any tools we may need nice and fresh and updated.

Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Settings > Reset... It will take a few seconds, when it's done close IE and reopen it and try surfing to a few sites that you frequent and see if the problem goes away.

renparenp
2012-08-18, 22:24
No appearance of about blank after visiting a few sites including facebook.
I have my fingers crossed that all the bad guys are gone.
Thank you very, very much for taking the time out of your days over the last few. I appreciate it immensely. I will be making a contribution here on my next paycheque day.
Cheers and enjoy the weekend ken545. :thanks:

ken545
2012-08-18, 22:39
Let's do this, I will leave this thread open for you for a few days, post back if you experience any problems. If the thread is closed you can either PM me or an administrator to reopen it.

Take care,
Ken

renparenp
2012-08-20, 18:32
AboutBlank occasionally popping up as my toolbar.

ken545
2012-08-20, 19:18
Let's run a new scan with OTL, if it's still on your desktop drag it to the trash and grab an updated version.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

renparenp
2012-08-20, 20:32
OTL logfile created on: 20/08/2012 10:10:10 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 469.79 Mb Available Physical Memory | 46.36% Memory free
2.42 Gb Paging File | 1.00 Gb Available in Paging File | 41.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 18.16 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 69 E1 77 6C 7D CD 01 [binary data]
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/19 08:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/19 08:11:00 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/17 11:49:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-960491262-2195050847-907181488-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 10:08:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/19 08:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/18 10:49:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/17 19:06:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 10:08:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/20 08:58:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 08:58:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 08:03:57 | 104,413,376 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/19 23:38:00 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/19 23:24:45 | 000,369,239 | ---- | M] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/19 19:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 18:44:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/19 08:11:25 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/18 22:06:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 15:58:14 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 10:58:07 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/18 10:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 11:49:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 23:24:44 | 000,369,239 | ---- | C] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/18 10:54:28 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/18 10:55:28 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 20/08/2012 10:10:10 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 469.79 Mb Available Physical Memory | 46.36% Memory free
2.42 Gb Paging File | 1.00 Gb Available in Paging File | 41.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 18.16 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105349C1-0DF5-4F23-B8E5-A25BA0C3AD99}" = rport=139 | protocol=6 | dir=out | app=system |
"{23C03F00-485E-4B30-901D-1721449A043D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{270D0449-35AE-468F-95AD-BE39AE069C00}" = lport=138 | protocol=17 | dir=in | app=system |
"{36553287-31AA-46DF-829F-CF9D5B98D1B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{37A20DE8-C155-4175-9297-56621EAB7FE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{473E45D5-85A2-4D56-92D7-2CC6121B432F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{47AFE207-4C35-4B33-9AF5-D1656CD1604B}" = rport=137 | protocol=17 | dir=out | app=system |
"{79FC19AB-9A36-45C3-A0D5-1E0A2A35A856}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CFAD557-2F17-483A-8791-25E41FB6D5E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{7EAD7A08-FC80-4BED-A21B-3D35A6807D23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0860CC3-1193-4250-9571-D688C2B5F7E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{ADECA176-471E-4423-B455-62B649DB6078}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9F8B451-8E1D-4689-92B7-BE1F4F3CBF35}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6A73625-E520-4983-8492-AD3A13B62D84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D91974C0-EFAE-4826-B6B2-7F5856C50202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03806A66-7C4D-46E9-BE2D-C005FE4C8AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A69EA76-511A-4494-A3A9-7BE4ECEF8532}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1344CF4E-4796-49CE-858D-8390F08D637C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3004DA26-F629-46CA-AA59-2C382F656EAA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{35D371FE-CF52-409E-BC44-32B9A1DE0060}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3A8E9964-3D4A-4386-B5A3-E9D3BCC57EB3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3CA44EEB-0579-438C-9118-A8F0DC288C55}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{434223CE-4F33-4AD0-86B0-091617D11111}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{5A11302B-FDAF-4076-8BD1-7F1F0A28BC81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E5ED51E-DCE3-45BA-A867-49C8BDA90D6B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{64B74BF1-709C-45D7-BAE0-5641884C5572}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77FA1978-84E2-41F2-A950-F1FEC2EF5FE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8072C338-7F4A-4314-9B7F-C67316B8DA85}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9B2F1FC4-B4ED-46D4-A105-759FAB542092}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AB2BFE24-B2ED-4E42-B7D4-1926572F3355}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF11CE5D-A5D9-40E0-BA92-08A798401640}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D29D57D9-F005-4C26-8DFF-6A50AF208FBB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8203CEB-C9FF-43FB-9F59-390251F02B2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{E84D8DF3-B1BE-4598-8E95-670A94D029FD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F1DC7F97-CE7E-4C1D-B987-DD1D19190EF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F76828B2-E6AA-4771-BBF6-7E7C7A8E8E81}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F80E4247-0325-41C9-BEFD-092A35ABE2F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E41E4C4-8C5C-4758-BBDC-30B04F93A23C}" = Mirar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"GoFTP_is1" = GoFTP v2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Poker PlayNow.com" = Poker PlayNow.com
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/08/2012 12:33:20 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1770 Start Time: 01cd78a570bc0680 Termination Time: 118

Error - 12/08/2012 2:39:03 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cbc Start Time: 01cd78b99f4910c3 Termination Time: 28

Error - 13/08/2012 1:28:48 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xc0000005, fault offset 0x0003fc56, process id 0x674, application
start time 0x01cd78d0976f5d23.

Error - 13/08/2012 6:18:51 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2fc0 Start Time: 01cd79a058007a93 Termination Time: 78

Error - 14/08/2012 1:09:25 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000081, process id 0x2d88, application start time
0x01cd79c427343863.

Error - 14/08/2012 5:10:27 PM | Computer Name = Karen-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Failed to get state for bits job HResult:
0x80080008.

Error - 14/08/2012 9:56:23 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ed4 Start Time: 01cd7a890a85b353 Termination Time: 15

Error - 16/08/2012 3:31:52 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b44 Start Time: 01cd7be5b0ace2d9 Termination Time: 150

Error - 17/08/2012 1:19:17 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.57.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1730 Start Time: 01cd7c9c21f3c8f9 Termination Time: 31

Error - 17/08/2012 9:16:04 PM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16448, time stamp
0x4fecf1b7, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x464, application
start time 0x01cd7cdeff4c26bc.

Error - 18/08/2012 7:44:08 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 18a0 Start Time: 01cd7d93530e18e8 Termination Time: 187

[ Media Center Events ]
Error - 16/04/2008 2:26:10 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 01/10/2008 1:38:44 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/11/2008 1:22:06 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/01/2009 11:46:54 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/01/2009 8:53:52 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/03/2009 1:14:12 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 10:46:26 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/05/2009 11:38:43 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/06/2009 3:42:09 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 08/05/2010 2:51:58 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 15/07/2009 8:01:34 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:02:14 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:04:26 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/09/2009 8:39:57 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/08/2012 5:32:20 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2012 6:16:33 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/08/2012 6:31:49 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/08/2012 6:40:30 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/08/2012 10:03:28 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2012 10:58:38 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2012 11:08:31 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 18/08/2012 2:50:18 AM | Computer Name = Karen-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 18/08/2012 2:50:31 AM | Computer Name = Karen-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 18/08/2012 1:55:08 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =


< End of report >

ken545
2012-08-20, 20:54
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:




:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\32788R22FWJFW


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.


Then run a new scan with OTL and post the new log. Then do some surfing and see how it goes

renparenp
2012-08-20, 22:06
Did a bit of surfing and so far OK.

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk moved successfully.
C:\Users\Public\Desktop\µTorrent.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Karen\Desktop\cmd.bat deleted successfully.
C:\Users\Karen\Desktop\cmd.txt deleted successfully.
C:\32788R22FWJFW folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen
->Temp folder emptied: 608271 bytes
->Temporary Internet Files folder emptied: 1598739683 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 11181056 bytes
->Flash cache emptied: 16726 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 786 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,536.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08202012_111130

Files\Folders moved on Reboot...
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEJPG6BZ\showthread[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL logfile created on: 20/08/2012 11:40:41 AM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 139.97 Mb Available Physical Memory | 13.81% Memory free
2.23 Gb Paging File | 1.04 Gb Available in Paging File | 46.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 19.72 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 69 E1 77 6C 7D CD 01 [binary data]
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/19 08:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/19 08:11:00 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/20 11:11:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-960491262-2195050847-907181488-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 11:11:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/20 10:08:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/19 08:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/17 19:06:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files

========== Files - Modified Within 30 Days ==========

[2012/08/20 11:44:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 11:36:08 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 11:35:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 11:35:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 11:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 11:11:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/20 10:08:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/20 08:03:57 | 104,413,376 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/19 23:38:00 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/19 23:24:45 | 000,369,239 | ---- | M] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/19 19:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 08:11:25 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/18 15:58:14 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 10:58:07 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm

========== Files Created - No Company Name ==========

[2012/08/19 23:24:44 | 000,369,239 | ---- | C] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/20 11:11:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/20 11:32:45 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ken545
2012-08-20, 23:12
OK, let's wait a few more days and make sure it's fixed.

ken545
2012-08-25, 00:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.