Google/Bing Redirects

**lantern_green** · 2012-05-08, 08:38

Hi there,

So My google and bing searches on Chrome and Firefox keep redirecting to shoppinghornet, fabusearch, etc. I ran Avg scan, Trend Micro Housecall scan, Spybot: Search & Destroy scan, and, Malwarebytes Anti-Malware scan, but the problem persists. I am pasting the DDS log below and also attaching the Attach zip file as instructed.

Thanks for your help.

============================================================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by kpn at 23:10:14 on 2012-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1930 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dgdersvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\SysWOW64\cryptainersrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=14597&l=dis
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader

Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure

Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier

\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller

Plug-in\TOSHIBAMediaControllerIE.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE

\5.6\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure

Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE

\5.6\youtubedownloaderToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\kpn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [googletalk] C:\Users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [KiesTrayAgent]
uRun: [AROReminder]
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\windows\system32\rundll32.exe"

"C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files

(x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files

(x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files

(x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780} : NameServer = 0.0.0.0
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\2435E4C4F51405 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\3757E6279637560296E6E6D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\55453547162736F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\A5854435C40253331324 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\F65727E6564777F627B6 : DhcpNameServer = 192.168.2.1 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller

\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure

Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live

\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier

\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media

Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE

\5.6\youtubedownloaderToolbarIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs

\cpn0\YTSingleInstance.dll
TB-X64: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure

Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE

\5.6\youtubedownloaderToolbarIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [(Default)]
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\windows\system32\rundll32.exe"

"C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0128156d-c895-47fe-967c-

36727009b0b3%7D&mid=780c9225fd3742409beb0c50ee940207-

969f2c32528dfb9c262d3100a75dbdb79ddf8785&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-28%2010%3A07%3A30&sap=ku&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\kpn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\kpn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS

\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS

\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\windows\system32\Drivers\ssoftnt4.sys --> C:\windows\system32\Drivers\ssoftnt4.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\windows\system32\drivers\acedrv11.sys --> C:\windows\system32\drivers\acedrv11.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-23 785304]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-12-19 95568]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29

404992]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData

\DatacardService\HWDeviceService64.exe -/service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-28

1604200]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-23 1153368]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys -->

C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\UNS\UNS.exe [2010-6-28 2320920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater

\10.2.0\ToolbarUpdater.exe [2012-3-16 918880]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-19 18120]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys

[?]
R3 huawei_enumerator;huawei_enumerator;C:\windows\system32\DRIVERS\ew_jubusenum.sys --> C:\windows\system32\DRIVERS

\ew_jubusenum.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:

\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS

\stdriver64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5

137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\windows

\system32\drivers\WsAudioDevice_383S(1).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch

Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off

\swoff.exe -service [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[2012-4-7 253088]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12

1025352]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\windows

\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office

\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24

129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-12 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:

\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

[2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\windows\system32\pwdrvio.sys --> C:\windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\windows\system32\pwdspio.sys --> C:\windows\system32\pwdspio.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-3-8 16392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat

\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-

10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn

\SQLAGENT.EXE [2010-9-17 370008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-08 00:56:55 -------- d-----w- C:\Program Files\HitmanPro
2012-05-08 00:56:48 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-07 21:46:41 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-05-07 21:43:58 251528 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-05-07 21:43:57 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-07 21:43:32 -------- d-----w- C:\ProgramData\PC Tools
2012-05-07 21:43:29 -------- d-----w- C:\Users\kpn\AppData\Roaming\TestApp
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-05-07 08:56:48 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-07 08:56:48 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-07 08:56:48 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 08:56:48 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 08:56:47 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-07 08:56:47 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-07 08:56:47 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-01 00:40:22 -------- d-----w- C:\Users\kpn\AppData\Local\DuplicateCleaner
2012-04-30 22:39:29 662288 ----a-w- C:\windows\SysWow64\mscomct2.ocx
2012-04-30 22:39:29 609824 ----a-w- C:\windows\SysWow64\comctl32.ocx
2012-04-30 22:39:29 40960 ----a-w- C:\windows\SysWow64\ssubtmr6.dll
2012-04-30 22:39:29 36864 ----a-w- C:\windows\SysWow64\trayicon_handler.ocx
2012-04-30 22:39:29 28672 ----a-w- C:\windows\SysWow64\mousewheel.ocx
2012-04-30 22:39:29 164144 ----a-w- C:\windows\SysWow64\comct232.ocx
2012-04-30 22:39:28 212240 ----a-w- C:\windows\SysWow64\richtx32.ocx
2012-04-30 22:39:28 -------- d-----w- C:\Program Files (x86)\DVD Flick
2012-04-27 15:38:10 -------- d-----w- C:\Users\kpn\AppData\Local\{7D45108C-9B76-4A0B-80EF-5C964723E039}
2012-04-27 15:37:51 -------- d-----w- C:\Users\kpn\AppData\Local\{5E343AB7-0367-4381-982B-2999EE6895BF}
2012-04-27 04:16:40 -------- d-----w- C:\Program Files (x86)\Audiograbber
2012-04-27 03:51:55 611840 ----a-w- C:\windows\SysWow64\DVD43.dll
2012-04-27 03:51:55 -------- d-----w- C:\Program Files (x86)\DVD43 Plug-in
2012-04-25 04:03:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-23 09:06:36 -------- d-----w- C:\Users\kpn\AppData\Local\DDMSettings
2012-04-23 06:49:12 -------- d-----w- C:\Users\kpn\AppData\Roaming\DonationCoder
2012-04-23 06:48:58 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-04-23 06:48:20 -------- d-----w- C:\ProgramData\DonationCoder
2012-04-23 06:48:19 -------- d-----w- C:\Program Files (x86)\URLSnooper2
2012-04-23 01:38:09 118784 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2012-04-23 01:38:09 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-04-22 03:36:41 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-04-22 03:35:42 -------- d-----w- C:\Users\kpn\AppData\Roaming\ProgSense
2012-04-22 03:34:49 -------- d-----w- C:\Users\kpn\AppData\Roaming\GrabPro
2012-04-22 03:34:49 -------- d-----w- C:\downloads
2012-04-22 03:34:41 -------- d-----w- C:\Users\kpn\AppData\Roaming\OpenCandy
2012-04-22 03:34:41 -------- d-----w- C:\Program Files (x86)\Orbitdownloader
2012-04-20 22:41:59 -------- d-----w- C:\Program Files (x86)\FotoSketcher
2012-04-20 05:53:09 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-04-20 05:53:09 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-04-20 05:53:09 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-04-20 05:52:24 -------- d-----w- C:\Program Files\iPod
2012-04-20 05:52:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-20 05:52:23 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-20 05:52:22 -------- d-----w- C:\Program Files\iTunes
2012-04-20 05:49:03 -------- d-----w- C:\Program Files\Bonjour
2012-04-20 05:49:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-16 18:16:51 -------- d-----w- C:\Users\kpn\AppData\Local\{33BC3F30-A221-4416-B869-77410CCF67A7}
2012-04-13 16:10:58 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-13 16:10:57 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 16:10:57 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-13 16:05:58 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-13 16:05:58 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-13 16:05:58 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-13 16:05:58 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-13 16:05:57 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-13 16:05:57 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-13 16:05:57 220672 ----a-w- C:\windows\System32\wintrust.dll
.
==================== Find3M ====================
.
2012-05-01 17:11:31 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 17:11:31 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-14 19:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
.
============= FINISH: 23:11:15.92 ===============

**Blade81** · 2012-05-14, 10:13

Hi,

Disable word wrap in notepad.

Download aswMBR to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply. Post fresh DDS logs too.

**lantern_green** · 2012-05-14, 21:02

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-14 11:09:10
-----------------------------
11:09:10.639 OS Version: Windows x64 6.1.7601 Service Pack 1
11:09:10.639 Number of processors: 4 586 0x2505
11:09:10.640 ComputerName: KPN_TOSHIBA_II UserName: kpn
11:09:13.037 Initialize success
11:13:16.922 AVAST engine defs: 12051400
11:18:24.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:18:24.021 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
11:18:24.039 Disk 0 MBR read successfully
11:18:24.042 Disk 0 MBR scan
11:18:24.046 Disk 0 Windows VISTA default MBR code
11:18:24.086 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:18:24.091 Disk 0 Partition - 00 0F Extended LBA 233648 MB offset 3084480
11:18:24.118 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 230902 MB offset 481596570
11:18:24.146 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10881 MB offset 954488832
11:18:24.179 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 233648 MB offset 3084543
11:18:24.217 Disk 0 scanning C:\windows\system32\drivers
11:18:40.130 Service scanning
11:19:22.588 Modules scanning
11:19:22.929 Disk 0 trace - called modules:
11:19:22.953 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
11:19:22.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007028060]
11:19:22.964 3 CLASSPNP.SYS[fffff880017a843f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007027060]
11:19:22.969 5 thpdrv.sys[fffff88001bb0cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005009050]
11:19:23.927 AVAST engine scan C:\windows
11:19:29.090 AVAST engine scan C:\windows\system32
11:25:21.800 AVAST engine scan C:\windows\system32\drivers
11:25:44.897 AVAST engine scan C:\Users\kpn
11:39:32.860 AVAST engine scan C:\ProgramData
11:43:20.741 Scan finished successfully
11:46:25.070 Disk 0 MBR has been saved successfully to "C:\Users\kpn\Desktop\MBR.dat"
11:46:25.076 The log file has been saved successfully to "C:\Users\kpn\Desktop\aswMBR.txt"

------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by kpn at 11:54:05 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1367 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dgdersvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\SysWOW64\cryptainersrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\Orbitdownloader\Grab.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Users\kpn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [googletalk] C:\Users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\kpn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780} : NameServer = 0.0.0.0
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\2435E4C4F51405 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\3757E6279637560296E6E6D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\55453547162736F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\8444740323 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\A5854435C40253331324 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94ED1A96-E9D6-47AF-A279-4DA11A5A4831}\F65727E6564777F627B6 : DhcpNameServer = 192.168.2.1 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0128156d-c895-47fe-967c-36727009b0b3%7D&mid=780c9225fd3742409beb0c50ee940207-969f2c32528dfb9c262d3100a75dbdb79ddf8785&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-28%2010%3A07%3A30&sap=ku&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\kpn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\kpn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\windows\system32\Drivers\ssoftnt4.sys --> C:\windows\system32\Drivers\ssoftnt4.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\windows\system32\drivers\acedrv11.sys --> C:\windows\system32\drivers\acedrv11.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-23 785304]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-12-19 95568]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-28 1604200]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-23 1153368]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-28 2320920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-16 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-19 18120]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\windows\system32\DRIVERS\ew_jubusenum.sys --> C:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS\stdriver64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\windows\system32\drivers\WsAudioDevice_383S(1).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 135664]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-12 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\windows\system32\pwdrvio.sys --> C:\windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\windows\system32\pwdspio.sys --> C:\windows\system32\pwdspio.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2012-3-8 16392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 370008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-10 23:00:23 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 04:38:45 -------- d-----w- C:\ProgramData\F-Secure
2012-05-10 03:46:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-10 03:13:59 -------- d-----w- C:\ComboFix
2012-05-10 02:46:52 98816 ----a-w- C:\windows\sed.exe
2012-05-10 02:46:52 518144 ----a-w- C:\windows\SWREG.exe
2012-05-10 02:46:52 256000 ----a-w- C:\windows\PEV.exe
2012-05-10 02:46:52 208896 ----a-w- C:\windows\MBR.exe
2012-05-09 20:00:55 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-09 19:32:54 -------- d-----w- C:\Users\kpn\AppData\Local\NPE
2012-05-09 16:41:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-09 05:15:08 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-09 05:15:07 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-09 05:15:04 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-09 05:15:03 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 05:15:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-09 05:15:01 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-09 05:12:09 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-09 05:11:32 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-09 05:11:24 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 05:11:24 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 05:11:24 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 05:11:24 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 05:11:24 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 06:59:44 -------- d-----w- C:\Users\kpn\AppData\Roaming\Nullsoft
2012-05-08 00:56:55 -------- d-----w- C:\Program Files\HitmanPro
2012-05-08 00:56:48 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-07 21:46:41 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-05-07 21:43:58 251528 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-05-07 21:43:57 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-07 21:43:32 -------- d-----w- C:\ProgramData\PC Tools
2012-05-07 21:43:29 -------- d-----w- C:\Users\kpn\AppData\Roaming\TestApp
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-05-07 18:30:10 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-05-07 08:56:48 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-07 08:56:48 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-07 08:56:48 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 08:56:48 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 08:56:47 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-07 08:56:47 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-07 08:56:47 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-01 00:40:22 -------- d-----w- C:\Users\kpn\AppData\Local\DuplicateCleaner
2012-04-30 22:39:29 662288 ----a-w- C:\windows\SysWow64\mscomct2.ocx
2012-04-30 22:39:29 609824 ----a-w- C:\windows\SysWow64\comctl32.ocx
2012-04-30 22:39:29 40960 ----a-w- C:\windows\SysWow64\ssubtmr6.dll
2012-04-30 22:39:29 36864 ----a-w- C:\windows\SysWow64\trayicon_handler.ocx
2012-04-30 22:39:29 28672 ----a-w- C:\windows\SysWow64\mousewheel.ocx
2012-04-30 22:39:29 164144 ----a-w- C:\windows\SysWow64\comct232.ocx
2012-04-30 22:39:28 212240 ----a-w- C:\windows\SysWow64\richtx32.ocx
2012-04-30 22:39:28 -------- d-----w- C:\Program Files (x86)\DVD Flick
2012-04-27 15:38:10 -------- d-----w- C:\Users\kpn\AppData\Local\{7D45108C-9B76-4A0B-80EF-5C964723E039}
2012-04-27 15:37:51 -------- d-----w- C:\Users\kpn\AppData\Local\{5E343AB7-0367-4381-982B-2999EE6895BF}
2012-04-27 04:16:40 -------- d-----w- C:\Program Files (x86)\Audiograbber
2012-04-27 03:51:55 611840 ----a-w- C:\windows\SysWow64\DVD43.dll
2012-04-27 03:51:55 -------- d-----w- C:\Program Files (x86)\DVD43 Plug-in
2012-04-25 04:03:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-23 09:06:36 -------- d-----w- C:\Users\kpn\AppData\Local\DDMSettings
2012-04-23 06:49:12 -------- d-----w- C:\Users\kpn\AppData\Roaming\DonationCoder
2012-04-23 06:48:58 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-04-23 06:48:20 -------- d-----w- C:\ProgramData\DonationCoder
2012-04-23 06:48:19 -------- d-----w- C:\Program Files (x86)\URLSnooper2
2012-04-23 01:38:09 118784 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2012-04-23 01:38:09 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-04-22 03:36:41 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-04-22 03:35:42 -------- d-----w- C:\Users\kpn\AppData\Roaming\ProgSense
2012-04-22 03:34:49 -------- d-----w- C:\Users\kpn\AppData\Roaming\GrabPro
2012-04-22 03:34:49 -------- d-----w- C:\downloads
2012-04-22 03:34:41 -------- d-----w- C:\Users\kpn\AppData\Roaming\OpenCandy
2012-04-22 03:34:41 -------- d-----w- C:\Program Files (x86)\Orbitdownloader
2012-04-20 22:41:59 -------- d-----w- C:\Program Files (x86)\FotoSketcher
2012-04-20 05:53:09 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-04-20 05:53:09 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-04-20 05:53:09 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-04-20 05:52:24 -------- d-----w- C:\Program Files\iPod
2012-04-20 05:52:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-20 05:52:23 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-20 05:52:22 -------- d-----w- C:\Program Files\iTunes
2012-04-20 05:49:03 -------- d-----w- C:\Program Files\Bonjour
2012-04-20 05:49:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-16 18:16:51 -------- d-----w- C:\Users\kpn\AppData\Local\{33BC3F30-A221-4416-B869-77410CCF67A7}
.
==================== Find3M ====================
.
2012-05-10 23:00:30 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 23:00:30 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-14 19:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 11:55:24.21 ===============

Thanks. Let me know if you need anything else.

**Blade81** · 2012-05-15, 06:31

Hi

I think you missed Please do NOT run 'FIXES' (ComboFix etc) without being asked (ran ComboFix though it shouldn't be used without supervision) sticky. Post contents of c:\ComboFix.txt file.

**lantern_green** · 2012-05-15, 08:10

ComboFix 12-05-09.01 - kpn 05/09/2012 20:15:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1302 [GMT -7:00]
Running from: c:\users\kpn\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\kpn\AppData\Local\TempDIR
c:\users\kpn\AppData\Roaming\Adobe\plugs
c:\users\kpn\AppData\Roaming\Adobe\shed
c:\users\Mini\AppData\Local\TempDIR
c:\windows\SysWow64\Temp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 03:24 . 2012-05-10 03:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-10 03:24 . 2012-05-10 03:24 -------- d-----w- c:\users\Mini\AppData\Local\temp
2012-05-10 03:24 . 2012-05-10 03:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-10 03:24 . 2012-05-10 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 20:00 . 2012-05-09 20:00 -------- d-----w- c:\program files (x86)\ESET
2012-05-09 19:32 . 2012-05-09 19:47 -------- d-----w- c:\users\kpn\AppData\Local\NPE
2012-05-09 16:41 . 2012-05-09 16:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 06:59 . 2012-05-08 06:59 -------- d-----w- c:\users\kpn\AppData\Roaming\Nullsoft
2012-05-08 01:42 . 2012-05-08 01:47 -------- d-----w- c:\program files (x86)\ERUNT
2012-05-08 00:56 . 2012-05-08 00:57 -------- d-----w- c:\program files\HitmanPro
2012-05-08 00:56 . 2012-05-08 00:57 -------- d-----w- c:\programdata\HitmanPro
2012-05-07 21:46 . 2012-05-07 22:08 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-07 21:43 . 2012-03-20 20:50 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-07 21:43 . 2012-05-08 00:17 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-07 21:43 . 2012-05-07 22:25 -------- d-----w- c:\programdata\PC Tools
2012-05-07 21:43 . 2012-05-07 21:43 -------- d-----w- c:\users\kpn\AppData\Roaming\TestApp
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-05-07 08:56 . 2012-05-07 08:56 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-07 08:56 . 2012-05-07 08:56 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-07 08:56 . 2012-05-07 08:56 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 08:56 . 2012-05-07 08:56 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 08:56 . 2012-05-07 08:56 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-07 08:56 . 2012-05-07 08:56 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-07 08:56 . 2012-05-07 08:56 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-01 00:40 . 2012-05-01 01:43 -------- d-----w- c:\users\kpn\AppData\Local\DuplicateCleaner
2012-04-30 22:39 . 2008-08-31 20:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-04-30 22:39 . 2007-09-01 01:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-04-30 22:39 . 2004-03-09 07:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-04-30 22:39 . 2004-03-09 07:00 609824 ----a-w- c:\windows\SysWow64\comctl32.ocx
2012-04-30 22:39 . 2003-01-26 20:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-04-30 22:39 . 1998-06-24 07:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-04-30 22:39 . 2012-04-30 22:39 -------- d-----w- c:\program files (x86)\DVD Flick
2012-04-30 22:39 . 2004-03-09 07:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2012-04-27 04:16 . 2012-04-27 04:16 -------- d-----w- c:\program files (x86)\Audiograbber
2012-04-27 04:01 . 2012-04-27 04:01 -------- d-----w- c:\program files (x86)\Smart Projects
2012-04-27 03:51 . 2012-04-27 03:55 -------- d-----w- c:\program files (x86)\DVD43 Plug-in
2012-04-27 03:51 . 2010-05-25 22:26 611840 ----a-w- c:\windows\SysWow64\DVD43.dll
2012-04-25 04:03 . 2012-04-25 04:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-23 09:06 . 2012-04-23 09:06 -------- d-----w- c:\users\kpn\AppData\Local\DDMSettings
2012-04-23 06:49 . 2012-04-23 06:49 -------- d-----w- c:\users\kpn\AppData\Roaming\DonationCoder
2012-04-23 06:48 . 2012-04-23 06:48 -------- d-----w- c:\program files (x86)\WinPcap
2012-04-23 06:48 . 2012-04-23 06:48 -------- d-----w- c:\programdata\DonationCoder
2012-04-23 06:48 . 2012-04-23 06:49 -------- d-----w- c:\program files (x86)\URLSnooper2
2012-04-23 01:38 . 2012-05-09 21:26 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-04-23 01:38 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-22 03:36 . 2012-04-22 03:36 -------- d-----w- c:\program files (x86)\ARO 2012
2012-04-22 03:35 . 2012-04-22 03:35 -------- d-----w- c:\users\kpn\AppData\Roaming\ProgSense
2012-04-22 03:34 . 2012-05-09 19:32 -------- d-----w- C:\downloads
2012-04-22 03:34 . 2012-04-22 03:34 -------- d-----w- c:\users\kpn\AppData\Roaming\GrabPro
2012-04-22 03:34 . 2012-05-10 02:39 -------- d-----w- c:\users\kpn\AppData\Roaming\Orbit
2012-04-22 03:34 . 2012-04-22 03:34 -------- d-----w- c:\users\kpn\AppData\Roaming\OpenCandy
2012-04-22 03:34 . 2012-04-22 03:34 -------- d-----w- c:\program files (x86)\Orbitdownloader
2012-04-20 22:41 . 2012-04-20 22:42 -------- d-----w- c:\program files (x86)\FotoSketcher
2012-04-20 05:53 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-20 05:53 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-20 05:53 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-20 05:52 . 2012-04-20 05:52 -------- d-----w- c:\program files\iPod
2012-04-20 05:52 . 2012-04-20 05:53 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-20 05:52 . 2012-04-20 05:53 -------- d-----w- c:\program files (x86)\iTunes
2012-04-20 05:52 . 2012-04-20 05:53 -------- d-----w- c:\program files\iTunes
2012-04-20 05:49 . 2012-04-20 05:49 -------- d-----w- c:\program files\Common Files\Apple
2012-04-20 05:49 . 2012-04-20 05:49 -------- d-----w- c:\program files\Bonjour
2012-04-20 05:49 . 2012-04-20 05:49 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-13 16:10 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 16:10 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 16:10 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 16:05 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 16:05 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 16:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 16:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 16:05 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 16:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 16:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 17:11 . 2012-04-08 01:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 17:11 . 2011-05-16 18:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2011-06-29 20:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 14:10 . 2012-03-02 14:11 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-03-02 14:10 . 2012-03-02 14:11 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-03-02 14:10 . 2012-03-02 14:11 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-03-02 14:10 . 2012-03-02 14:11 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-03-02 14:10 . 2012-03-02 14:11 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-03-02 14:10 . 2012-03-02 14:11 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-03-02 14:10 . 2012-03-02 14:11 221312 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-03-02 14:10 . 2012-03-02 14:11 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-03-02 14:10 . 2012-03-02 14:11 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-03-02 14:10 . 2012-03-02 14:11 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-03-02 14:10 . 2012-03-02 14:11 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-03-02 14:10 . 2012-03-02 14:11 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-03-02 14:10 . 2012-03-02 14:11 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-03-02 14:10 . 2008-03-27 22:51 1490656 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-02-17 06:38 . 2012-03-16 02:52 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-16 02:52 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-16 02:52 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-16 02:52 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-16 03:08 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-16 03:08 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-17 03:49 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-17 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-13 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"googletalk"="c:\users\kpn\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2010-08-26 531664]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-17 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-05 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\kpn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-1-4 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 135664]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-07-13 177664]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-07-13 177664]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 ALSysIO;ALSysIO;c:\users\kpn\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-12 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-12-20 16392]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ssoftnt4;ssoftnt4;c:\windows\system32\Drivers\ssoftnt4.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-24 785304]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 119632]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-17 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 20552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:11]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 03:05]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 03:05]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703103886-71020440-1456911322-1001Core.job
- c:\users\kpn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 17:55]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-703103886-71020440-1456911322-1001UA.job
- c:\users\kpn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 17:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-01-27 1445888]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-14 462400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1931536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?o=14597&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{26A4DF69-F04F-42A7-BBD9-3A4DBE1B1780}: NameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\kpn\AppData\Roaming\Mozilla\Firefox\Profiles\7miejhmd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0128156d-c895-47fe-967c-36727009b0b3%7D&mid=780c9225fd3742409beb0c50ee940207-969f2c32528dfb9c262d3100a75dbdb79ddf8785&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-28%2010%3A07%3A30&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-KiesTrayAgent - (no file)
Wow6432Node-HKCU-Run-AROReminder - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-50486150.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{29BAD36F-F421-40F8-A128-E03382E59C70} - c:\users\kpn\AppData\Local\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}\Sins_of_a_Solar_Empire_setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-703103886-71020440-1456911322-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-703103886-71020440-1456911322-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-703103886-71020440-1456911322-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:1f,7e,78,c1,9e,89,ce,59,03,12,d3,30,23,34,cd,6c,84,3c,e8,63,c4,4c,3e,
10,44,27,67,62,8d,9a,cd,ff,ce,28,36,ad,8e,91,1f,54,f3,25,1f,f9,77,52,58,ba,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\windows\SysWOW64\cryptainersrv.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-05-09 20:37:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 03:37
.
Pre-Run: 98,672,111,616 bytes free
Post-Run: 98,544,791,552 bytes free
.
- - End Of File - - 7B9AA92BFAE7667CA6058E511C59101F

**Blade81** · 2012-05-15, 15:36

Hi,

Since you had run tools after topic starter it's possible remaining symptoms are not the same. So, what are current problems with the system?

**lantern_green** · 2012-05-15, 20:05

Hi there,

The symptoms are the same as before. search results from search engines keep redirecting to bogus links like fabusearch.com, shoppingcove.com, etc.

Thanks a lot for your help.

**Blade81** · 2012-05-16, 07:35

Hi,

Does IE have this redirect issue too or just Firefox and Chrome?

**lantern_green** · 2012-05-16, 09:22

Hi there,

After testing IE quite a bit, it seems to be safe from the issues. Only Chrome and Firefox are the ones with the problem.

Thanks again for ur time and hard work.

**Blade81** · 2012-05-16, 10:25

Hi,

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Thread: Google/Bing Redirects

Thread Tools

Display

Google/Bing Redirects

aswMBR and fresh DDs Logs as requested

Posted contents of c:\ComboFix.txt. sorry abt that...missed it the first time around.

The symptoms are the same as original. Google, Bing, etc keeps redirecting.

Posting Permissions