Hello I recently had some help in r/o

[renparenp]

the spybot section and am hoping I have the Babylon and About Blank issues solved however could you take a look at my dds and aswMBR to see if its indeed solved or if there are any other issues? Much Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Karen at 10:30:11 on 2012-08-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.274 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {9E41E4C4-8C5C-4758-BBDC-30B04F93A23C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [POEngine5]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
TCP: Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6} : DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-2 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-9-8 809296]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-11 20:38:29 -------- d-----w- c:\users\karen\appdata\local\CRE
2012-07-17 21:32:25 -------- d-----w- c:\program files\Oracle
2012-07-17 21:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 08:28:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-05 08:28:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 10:33:06.27 ===============

View attachment 9791


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-11 21:46:04
-----------------------------
21:46:04.049 OS Version: Windows 6.0.6002 Service Pack 2
21:46:04.049 Number of processors: 2 586 0xF02
21:46:04.049 ComputerName: KAREN-PC UserName: Karen
21:46:10.304 Initialize success
21:48:00.759 AVAST engine defs: 12081101
21:48:04.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:04.456 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
21:48:04.488 Disk 0 MBR read successfully
21:48:04.488 Disk 0 MBR scan
21:48:04.628 Disk 0 Windows VISTA default MBR code
21:48:04.644 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:48:04.659 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140886 MB offset 3074048
21:48:04.706 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10240 MB offset 291608576
21:48:04.737 Disk 0 scanning sectors +312580096
21:48:04.878 Disk 0 scanning C:\Windows\system32\drivers
21:48:31.928 Service scanning
21:49:11.786 Modules scanning
21:49:22.051 Disk 0 trace - called modules:
21:49:22.082 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:49:22.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bb7ac8]
21:49:22.082 3 CLASSPNP.SYS[8689e8b3] -> nt!IofCallDriver -> [0x843ff918]
21:49:22.082 5 acpi.sys[862426bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x843e1030]
21:49:23.814 AVAST engine scan C:\Windows
21:49:28.072 AVAST engine scan C:\Windows\system32
21:55:32.771 AVAST engine scan C:\Windows\system32\drivers
21:55:53.878 AVAST engine scan C:\Users\Karen
22:00:24.865 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Documents\MBR.dat"
22:00:24.896 The log file has been saved successfully to "C:\Users\Karen\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-12 10:02:47
-----------------------------
10:02:47.927 OS Version: Windows 6.0.6002 Service Pack 2
10:02:47.927 Number of processors: 2 586 0xF02
10:02:47.927 ComputerName: KAREN-PC UserName: Karen
10:03:32.278 Initialize success
10:03:50.561 AVAST engine defs: 12081101
10:03:57.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:03:57.238 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
10:03:57.254 Disk 0 MBR read successfully
10:03:57.269 Disk 0 MBR scan
10:03:57.363 Disk 0 Windows VISTA default MBR code
10:03:57.394 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:03:57.410 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140886 MB offset 3074048
10:03:57.456 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10240 MB offset 291608576
10:03:57.488 Disk 0 scanning sectors +312580096
10:03:57.706 Disk 0 scanning C:\Windows\system32\drivers
10:04:21.278 Service scanning
10:05:07.594 Modules scanning
10:05:19.824 Disk 0 trace - called modules:
10:05:19.871 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:05:19.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bb6ac8]
10:05:19.887 3 CLASSPNP.SYS[8649a8b3] -> nt!IofCallDriver -> [0x843df550]
10:05:19.887 5 acpi.sys[826496bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x843fa030]
10:05:21.915 AVAST engine scan C:\Windows
10:05:26.330 AVAST engine scan C:\Windows\system32
10:09:30.548 AVAST engine scan C:\Windows\system32\drivers
10:09:54.057 AVAST engine scan C:\Users\Karen
10:29:31.794 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Documents\MBR.dat"
10:29:31.872 The log file has been saved successfully to "C:\Users\Karen\Documents\aswMBR.txt"

its still here(Babylon ). It doesn"t come up with adaware but its still coming up on my toolbar and search. Any help appreciated. Thanks
Karen.

Sorry I meant Spybot.

 

[ken545]

:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR



Please download Malwarebytes from Here or Here

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please







Please run this free online virus scanner from ESET

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

 

[renparenp]

Malwarebytes etc

There were no threats found on the malwarebytes when scanned as administrator.
No threats found on the EST scan either.
I am also reposting my Ddds and aswMBR because i have done windows updates and they appear different now.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Karen at 20:12:43 on 2012-08-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.169 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\ssv.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
TCP: Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6} : DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-2 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-9-8 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-15 00:36:32 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20:18 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59:04 -------- d-----w- c:\users\karen\appdata\roaming\AVG
2012-08-14 03:18:50 -------- d-----w- c:\users\karen\appdata\local\Apps
2012-08-14 03:12:14 -------- d-----w- c:\users\karen\appdata\local\MigWiz
2012-08-11 20:38:29 -------- d-----w- c:\users\karen\appdata\local\CRE
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-07-17 21:32:25 -------- d-----w- c:\program files\Oracle
2012-07-17 21:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-08-14 21:44:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 21:44:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 20:16:37.49 ===============


View attachment 9799

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 20:23:26
-----------------------------
20:23:26.292 OS Version: Windows 6.0.6002 Service Pack 2
20:23:26.292 Number of processors: 2 586 0xF02
20:23:26.292 ComputerName: KAREN-PC UserName: Karen
20:23:40.316 Initialize success
20:25:05.859 AVAST engine defs: 12081401
20:25:09.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:25:09.208 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3
20:25:09.239 Disk 0 MBR read successfully
20:25:09.239 Disk 0 MBR scan
20:25:09.364 Disk 0 Windows VISTA default MBR code
20:25:09.379 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:25:09.395 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140886 MB offset 3074048
20:25:09.442 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10240 MB offset 291608576
20:25:09.473 Disk 0 scanning sectors +312580096
20:25:09.691 Disk 0 scanning C:\Windows\system32\drivers
20:25:44.423 Service scanning
20:26:24.162 Modules scanning
20:26:37.423 Disk 0 trace - called modules:
20:26:37.442 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:26:37.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bb6ac8]
20:26:37.445 3 CLASSPNP.SYS[868a18b3] -> nt!IofCallDriver -> [0x84400878]
20:26:37.445 5 acpi.sys[862456bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x843fe030]
20:26:39.114 AVAST engine scan C:\Windows
20:26:47.471 AVAST engine scan C:\Windows\system32
20:32:13.022 AVAST engine scan C:\Windows\system32\drivers
20:32:33.257 AVAST engine scan C:\Users\Karen
20:36:29.090 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Desktop\MBR.dat"
20:36:29.121 The log file has been saved successfully to "C:\Users\Karen\Desktop\aswMBR.txt"

There were no threats found with malwarebytes when I ran it as administrator.
No threats found on EST scan.

 

[ken545]

Logs look fine,

You can run this quick scanner and post the log and we can use it to clean you up some

OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[renparenp]

The OTL scan:

OTL Extras logfile created on: 16/08/2012 2:41:25 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 471.40 Mb Available Physical Memory | 46.52% Memory free
2.23 Gb Paging File | 0.91 Gb Available in Paging File | 40.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 15.01 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105349C1-0DF5-4F23-B8E5-A25BA0C3AD99}" = rport=139 | protocol=6 | dir=out | app=system |
"{23C03F00-485E-4B30-901D-1721449A043D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{270D0449-35AE-468F-95AD-BE39AE069C00}" = lport=138 | protocol=17 | dir=in | app=system |
"{36553287-31AA-46DF-829F-CF9D5B98D1B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{37A20DE8-C155-4175-9297-56621EAB7FE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{473E45D5-85A2-4D56-92D7-2CC6121B432F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{47AFE207-4C35-4B33-9AF5-D1656CD1604B}" = rport=137 | protocol=17 | dir=out | app=system |
"{79FC19AB-9A36-45C3-A0D5-1E0A2A35A856}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CFAD557-2F17-483A-8791-25E41FB6D5E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{7EAD7A08-FC80-4BED-A21B-3D35A6807D23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0860CC3-1193-4250-9571-D688C2B5F7E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{ADECA176-471E-4423-B455-62B649DB6078}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9F8B451-8E1D-4689-92B7-BE1F4F3CBF35}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6A73625-E520-4983-8492-AD3A13B62D84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D91974C0-EFAE-4826-B6B2-7F5856C50202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03806A66-7C4D-46E9-BE2D-C005FE4C8AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A69EA76-511A-4494-A3A9-7BE4ECEF8532}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1344CF4E-4796-49CE-858D-8390F08D637C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3004DA26-F629-46CA-AA59-2C382F656EAA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{35D371FE-CF52-409E-BC44-32B9A1DE0060}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3A8E9964-3D4A-4386-B5A3-E9D3BCC57EB3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3CA44EEB-0579-438C-9118-A8F0DC288C55}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{434223CE-4F33-4AD0-86B0-091617D11111}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{5A11302B-FDAF-4076-8BD1-7F1F0A28BC81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E5ED51E-DCE3-45BA-A867-49C8BDA90D6B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{64B74BF1-709C-45D7-BAE0-5641884C5572}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77FA1978-84E2-41F2-A950-F1FEC2EF5FE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8072C338-7F4A-4314-9B7F-C67316B8DA85}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9B2F1FC4-B4ED-46D4-A105-759FAB542092}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AB2BFE24-B2ED-4E42-B7D4-1926572F3355}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF11CE5D-A5D9-40E0-BA92-08A798401640}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D29D57D9-F005-4C26-8DFF-6A50AF208FBB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8203CEB-C9FF-43FB-9F59-390251F02B2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{E84D8DF3-B1BE-4598-8E95-670A94D029FD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F1DC7F97-CE7E-4C1D-B987-DD1D19190EF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F76828B2-E6AA-4771-BBF6-7E7C7A8E8E81}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F80E4247-0325-41C9-BEFD-092A35ABE2F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E41E4C4-8C5C-4758-BBDC-30B04F93A23C}" = Mirar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"GoFTP_is1" = GoFTP v2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Poker PlayNow.com" = Poker PlayNow.com
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/08/2012 5:55:54 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e94 Start Time: 01cd780ae3f41f6d Termination Time: 7722

Error - 11/08/2012 6:04:48 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1408 Start Time: 01cd780c5e2d0b1d Termination Time: 12605

Error - 11/08/2012 10:41:31 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14c8 Start Time: 01cd7833ab103aa4 Termination Time: 78

Error - 12/08/2012 12:33:20 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1770 Start Time: 01cd78a570bc0680 Termination Time: 118

Error - 12/08/2012 2:39:03 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cbc Start Time: 01cd78b99f4910c3 Termination Time: 28

Error - 13/08/2012 1:28:48 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xc0000005, fault offset 0x0003fc56, process id 0x674, application
start time 0x01cd78d0976f5d23.

Error - 13/08/2012 6:18:51 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2fc0 Start Time: 01cd79a058007a93 Termination Time: 78

Error - 14/08/2012 1:09:25 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000081, process id 0x2d88, application start time
0x01cd79c427343863.

Error - 14/08/2012 5:10:27 PM | Computer Name = Karen-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Failed to get state for bits job HResult:
0x80080008.

Error - 14/08/2012 9:56:23 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ed4 Start Time: 01cd7a890a85b353 Termination Time: 15

Error - 16/08/2012 3:31:52 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b44 Start Time: 01cd7be5b0ace2d9 Termination Time: 150

[ Media Center Events ]
Error - 16/04/2008 2:26:10 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 01/10/2008 1:38:44 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/11/2008 1:22:06 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/01/2009 11:46:54 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/01/2009 8:53:52 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/03/2009 1:14:12 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 10:46:26 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/05/2009 11:38:43 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/06/2009 3:42:09 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 08/05/2010 2:51:58 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 15/07/2009 8:01:34 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:02:14 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:04:26 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/09/2009 8:39:57 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/08/2012 5:04:01 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10005
Description =

Error - 14/08/2012 5:04:01 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 14/08/2012 5:04:01 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/08/2012 5:08:21 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 14/08/2012 5:09:23 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 14/08/2012 5:09:56 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 14/08/2012 8:49:19 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 14/08/2012 10:50:39 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 15/08/2012 1:30:01 AM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 15/08/2012 2:02:56 AM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =


< End of report >


OTL logfile created on: 16/08/2012 2:41:25 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 471.40 Mb Available Physical Memory | 46.52% Memory free
2.23 Gb Paging File | 0.91 Gb Available in Paging File | 40.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 15.01 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 69 60 70 92 79 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/28 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/28 08:17:32 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/12 22:29:44 | 000,262,913 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9121 more lines...
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 10:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 14:35:45 | 000,000,520 | ---- | M] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/16 14:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 13:05:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 13:05:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 22:06:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 17:48:59 | 103,922,008 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/14 23:05:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | M] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | M] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:57:16 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 09:24:05 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 22:29:44 | 000,262,913 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2012/07/27 22:39:55 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 14:35:45 | 000,000,520 | ---- | C] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | C] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | C] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/02/07 23:35:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Local
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/14 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/14 23:03:49 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

 

[ken545]

A few entries need to go including one from Babylon.

After you run the fix and post the report, also let me know how you feel your system is behaving now ?




Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :processes
  killallprocesses
  
  :OTL
  IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
  IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
  IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
  IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
  IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471
  @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  
  
  :Commands
  [purity]
  [resethosts]
  [CLEARALLRESTOREPOINTS]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

 

[renparenp]

My computer froze midway r/o

through fixing.
I had to shut down.
I now have 3 Sronclarke word document icons on my desktop. I also have
2 utility icons.
How should I proceed?
Thanks for your help.

 

[ken545]

Not sure what your referring to, can you be more specific, can you post the results of the fix log please

 

[renparenp]

What i had meant

was that when I clicked the Run Fix button of OTL It ran for about a minute then froze. It said "not responding" and i had to turn off my computer and reboot.
I tried several times.

 

[renparenp]

Forgot to mention that r/o

it left the icons and there was no logfile.

 

[ken545]

ok, just delete them and run it the same way with this new script


Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :processes
  killallprocesses
  
  :OTL
  IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
  IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
  IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
  IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
  IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

 

[renparenp]

I just tried and it froze like it did before r/o

It ran for about 20 seconds and "not responding" came up at the top next to the OTL name.
Down at the bottom in the code box it stalled with only this left in it:
[emptytemp]
[start explorer]
[Reboot]

No icons were left on my desktop this time(i had deleted the other ones like you asked me to).
Should I have AVG temporarily disabled when i"m running OTL?
Thanks.

 

[ken545]

Yes, disable AVG and give it another shot, you may have an abundance of temp files that is choking on so run this cleaner first



Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

use this new script

rocesses
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=82cd616e0000000000000019d2b927cd
IE - HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}: "URL" = http://www.mirarsearch.com/?q={searchTerms}&a=SEARCH
IE - HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=OSJ000&apn_uid=DF4FC017-0237-4D8F-B806-E6BEFEA40F3B&apn_sauid=74661D54-4BB9-45EF-9BC3-A71669337471

:Services

:Reg

:Files

:Commands
[emptytemp]
[start explorer]
[Reboot]

 

[renparenp]

I downloaded TFC to desktop and

when i ran it,it froze almost right away. I rebooted,went to internet options and deleted browsing history(temp files,cookies etc). Am I ok to disable AVG(this makes me abit nervous) and try running OTL again?

 

[ken545]

Yes, you can just re enable AVG after the fix

 

[renparenp]

I disabled AVG

by right clicking the Icon and chose disable until restart.
I tried to run OTL but it froze as before at the same spot.
I rebooted,made sure AVG was enabled again and here I am now.
Thanks for your patience.

 

[ken545]

Not a problem, thanks for hanging in with me,

Lets do this instead and make sure that something is not hiding and preventing fixes from working


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 

[renparenp]

Here is my Combofix log:

ComboFix 12-08-17.03 - Karen 17/08/2012 11:34:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.250 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karen\AppData\Roaming\Local
c:\windows\security\Database\tmp.edb
c:\windows\system32\SET6602.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 18:49 . 2012-08-17 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 22:44 . 2012-08-16 22:44 -------- d-----w- C:\_OTL
2012-08-15 02:41 . 2012-08-15 02:42 -------- d-----w- c:\program files\ERUNT
2012-08-15 00:36 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59 . 2012-08-14 17:02 -------- d-----w- c:\users\Karen\AppData\Roaming\AVG
2012-08-14 03:18 . 2012-08-14 03:18 -------- d-----w- c:\users\Karen\AppData\Local\Apps
2012-08-14 03:12 . 2012-08-14 03:12 -------- d-----w- c:\users\Karen\AppData\Local\MigWiz
2012-08-11 20:38 . 2012-08-11 20:38 -------- d-----w- c:\users\Karen\AppData\Local\CRE
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:44 . 2012-04-21 00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:44 . 2011-06-14 04:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-07-17 21:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 05:06 . 2010-06-20 01:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-01-09 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:47 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-27 07:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 07:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 07:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 07:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 07:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-27 07:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 14:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:47 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:44]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 11:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????'m?R+???? 9?? 9???9?(?9?H?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-17 11:56:04
ComboFix-quarantined-files.txt 2012-08-17 18:55
.
Pre-Run: 15,177,019,392 bytes free
Post-Run: 15,176,880,128 bytes free
.
- - End Of File - - 4CECF297E613F1FE920D9776BDDC6BD9

 

[ken545]

Good,

What I would like you to do first is backup your registry with ERUNT, I see you have it to back up on startup so reboot and let it make a backup, if not run it and create a new back up.




Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Registry::

Registry::
[-HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKCU\..\SearchScopes\{5723B224-B21B-44E9-9459-427A5EAE7992}]
[-HKCU\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKCU\..\SearchScopes\{FF2584F9-D3AE-4DA2-867A-3CB9524BB963}]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.




Then run a new scan with OTL (Not the fix) and post a new log and lets see if there gone

 

[renparenp]

Log results:

ComboFix 12-08-17.03 - Karen 17/08/2012 13:40:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.362 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 20:58 . 2012-08-17 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 22:44 . 2012-08-16 22:44 -------- d-----w- C:\_OTL
2012-08-15 02:41 . 2012-08-15 02:42 -------- d-----w- c:\program files\ERUNT
2012-08-15 00:36 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59 . 2012-08-14 17:02 -------- d-----w- c:\users\Karen\AppData\Roaming\AVG
2012-08-14 03:18 . 2012-08-14 03:18 -------- d-----w- c:\users\Karen\AppData\Local\Apps
2012-08-14 03:12 . 2012-08-14 03:12 -------- d-----w- c:\users\Karen\AppData\Local\MigWiz
2012-08-11 20:38 . 2012-08-11 20:38 -------- d-----w- c:\users\Karen\AppData\Local\CRE
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:44 . 2012-04-21 00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:44 . 2011-06-14 04:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-07-17 21:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 05:06 . 2010-06-20 01:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-01-09 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:47 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-27 07:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 07:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 07:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 07:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 07:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-27 07:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 14:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:47 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:44]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 13:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????'m?R+???? 9?? 9???9?(?9?H?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-17 14:05:06
ComboFix-quarantined-files.txt 2012-08-17 21:04
ComboFix2.txt 2012-08-17 18:56
.
Pre-Run: 15,030,415,360 bytes free
Post-Run: 14,992,470,016 bytes free
.
- - End Of File - - 7F4E52C3C0B560356AF5A3BABEECBCFE


OTL logfile created on: 17/08/2012 2:06:57 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 163.50 Mb Available Physical Memory | 16.13% Memory free
2.23 Gb Paging File | 1.04 Gb Available in Paging File | 46.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 14.02 Gb Free Space | 10.19% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ComboFix\PEV.exe ()
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\ComboFix\PEV.exe ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Karen\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 26 9B 55 AC 7C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/28 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/28 08:17:32 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/17 11:49:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 14:05:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/17 13:36:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/17 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/17 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/17 11:30:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 11:21:47 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:07:48 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/16 15:44:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 14:06:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 14:02:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 14:02:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:44:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 12:03:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 12:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 11:49:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 11:21:52 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:56:04 | 104,129,718 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/17 09:07:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/16 14:35:45 | 000,000,520 | ---- | M] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | M] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | M] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:57:16 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 09:24:05 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2012/07/27 22:39:55 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/17 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/17 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/17 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/17 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/16 14:35:45 | 000,000,520 | ---- | C] () -- C:\Users\Karen\Desktop\OTL - Shortcut.lnk
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | C] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | C] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/17 11:59:25 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/17 12:00:26 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >