Hello I recently had some help in r/o

[ken545]

This one didn't take, the rest are gone


Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Registry::

Registry::
[-HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
[-HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Again, scan with OTL and let me see a new log please

 

[renparenp]

I was unable to run OTL for a log r/o

I got a message saying OTL.exe directory name is invalid. I"m unsure what to do about that.
I did however get a combo fix log:
ComboFix 12-08-17.03 - Karen 17/08/2012 15:18:41.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.268 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 22:40 . 2012-08-17 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 22:44 . 2012-08-16 22:44 -------- d-----w- C:\_OTL
2012-08-15 02:41 . 2012-08-15 02:42 -------- d-----w- c:\program files\ERUNT
2012-08-15 00:36 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:20 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:59 . 2012-08-14 17:02 -------- d-----w- c:\users\Karen\AppData\Roaming\AVG
2012-08-14 03:18 . 2012-08-14 03:18 -------- d-----w- c:\users\Karen\AppData\Local\Apps
2012-08-14 03:12 . 2012-08-14 03:12 -------- d-----w- c:\users\Karen\AppData\Local\MigWiz
2012-08-11 20:38 . 2012-08-11 20:38 -------- d-----w- c:\users\Karen\AppData\Local\CRE
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:44 . 2012-04-21 00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:44 . 2011-06-14 04:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2012-07-17 21:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 05:06 . 2010-06-20 01:57 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2011-01-09 02:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:47 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-27 07:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 07:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 07:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 07:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 07:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 07:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 07:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 07:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-27 07:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 14:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:47 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 21:44]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 02:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 15:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????'m?R+???? 9?? 9???9?(?9?H?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-17 15:47:34
ComboFix-quarantined-files.txt 2012-08-17 22:47
ComboFix2.txt 2012-08-17 21:05
ComboFix3.txt 2012-08-17 18:56
.
Pre-Run: 14,905,798,656 bytes free
Post-Run: 14,872,195,072 bytes free
.
- - End Of File - - 68ADEB1A9DACC7BA8FE085ACD6940EB0

 

[ken545]

Do this, drag OTL to the trash and lets download an updated copy



OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[renparenp]

I deleted the old one and installed the new but

when i go to run it I get the "otl.exe directory name is invalid" still.

 

[ken545]

Try this scanner instead

Download OTS.exe by OldTimer to your Desktop.

1. Close any open browsers.
2. Double-click on OTS.exe to start the program.
3. Leave all settings as they appear as default, except for the following:
   • Under Drivers, select "All".
   • Under Additional Scans, click on the "Extra" button.
4. Now click the Run Scan button on the toolbar.
5. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
6. When the scan is complete Notepad will open with the report file loaded in it.
7. Save that notepad file

Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, Attach the file ).

 

[renparenp]

Well I tried and its doing the exact same thing as it

did with OTL.
I clicked the save to desktop(the icon is there). A warning came up saying it could harm my computer. I chose the allow anyway. When i clicked run I got the directory name invalid again.

 

[ken545]

After downloading either OTL or OTS, reboot your system and try it again


If a no go try this

1. Please download OTM by OldTimer and save it to your desktop.
2. Double click the
   
   icon on your desktop.
3. Paste the following code under the
   
   area.
   Do not include the word "Code".
   
   

   :Processes
   explorer.exe
   
   :Services
   
   :Reg
   Registry::
   [-HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
   [-HKLM\..\SearchScopes\{DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}]
   
   :Files
   
   
   
   :Commands
   [purity]
   [emptytemp]
   [start explorer]
   [Reboot]

4. Push the large
   
   button.
5. OTM may ask to reboot the machine. Please do so if asked.
6. Copy/Paste the contents under the
   
   line here in your next reply.
7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

[renparenp]

I was able to get OTL to work after a reboot

(i didn"t try OTS)
The Otl.txt came up but not the Extras.txt.
I have looked for it in the folder and its not there. I did a search and found its shortcut at c users karen app data roaming microsoft windows but when i click, it says its been changed or moved. I don"t see it on the desktop or anywhere else. I"m not very experienced in this area but will keep looking. Please let me know if you can give me suggestions on where it is.

Here is the newest OTL log:
OTL logfile created on: 17/08/2012 7:10:36 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 195.58 Mb Available Physical Memory | 19.30% Memory free
2.23 Gb Paging File | 1.14 Gb Available in Paging File | 50.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 13.80 Gb Free Space | 10.03% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Karen\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C E3 1E 02 CD 7C CD 01 [binary data]
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/28 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/28 08:17:32 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/17 11:49:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-960491262-2195050847-907181488-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 19:06:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 19:02:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/17 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/17 15:14:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/17 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/17 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/17 11:30:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 11:21:47 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:07:48 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 19:07:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 19:06:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 19:06:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 19:06:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 19:02:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/17 18:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 18:06:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 17:08:10 | 104,175,320 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/17 11:49:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 11:21:52 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Karen\Desktop\ComboFix.exe
[2012/08/17 09:07:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\TFC.exe
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | M] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | M] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:57:16 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 09:24:05 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2012/07/27 22:39:55 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/17 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/17 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/17 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/17 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 20:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Karen\Desktop\MBR.dat
[2012/08/14 20:22:38 | 000,000,505 | ---- | C] () -- C:\Users\Karen\Desktop\Attach - Shortcut.lnk
[2012/08/14 20:22:24 | 000,003,529 | ---- | C] () -- C:\Users\Karen\Documents\Attach.zip
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/17 19:02:53 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/17 19:04:08 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 

[ken545]

Good Morning,

You have done well, those entries are gone. They where just leftovers but where related to Mirasearch and Babylon. Dont fret over the extras log, OTL just creates one on the first run and none after that so you wont find it.

How are things running now ?

 

[renparenp]

My computer seems to be running well now and

I can"t thank you enough!
I"m so glad to be rid of Babylon especially.
Is it ok for me to now remove dds,otl,combofix? Is there a good way of doing so? Should I make a new restore point once I have?
*One note: After I sent the last otl.exe log and couldn"t find the extras(which i now know wouldn"t be there) I tried to save OTM file and got a secutity warning from AVG. I"m pretty sure it was disabled but it said it was a backdoor trojan so I didn"t allow it and i see it was quarantined. Not sure if that matters but thought I should mention it.

 

[ken545]

Hi,

So glad things are running well for you again, helping you has been my pleasure.

When you run OTL, you will just get the extras log on the first run and none on any other runs.

Some Antivirus programs sometimes flag our tools as a trojan, but any tools your asked to run in our removal forums are safe to run, remember we are here to help you clean your system, not infect it.

• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  
  
  
  

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed

• 
  How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Safe Surfn
Ken

 

[renparenp]

Just after my last post here, "about blank" came r/o

up as toolbar so i"m not sure if I should go ahead with the combofix uninstall and cleanup yet.
I had just been on facebook when it switched to about blank.
What should i do now?
Thanks so much.

 

[ken545]

Go ahead with the clean up, we will just download any tools we may need nice a fresh and updated.

Open IE and go to Tools> Internet Options> Advanced Tab> Reset Internet Explorers Settings > Reset.....it will take a few seconds, when its done close IE and reopen it and try surfing to a few sites that you frequent and see if the problem goes away

 

[renparenp]

I"ve done the cleanup and reset

No appearance of about blank after visiting a few sites including facebook.
I have my fingers crossed that all the bad guys are gone.
Thank you very,very much for taking the time out of your days over the last few. I appreciate it immensely. I will be making a contribution here on my next paycheque day.
Cheers and enoy the weekend ken45. :thanks:

 

[ken545]

Lets do this, I will leave this thread open for your for a few days, post back if you experience any problems. If the thread is closed you can either PM me or an administrator to reopen it.

Take care,
Ken

 

[renparenp]

Thanks Ken545. I"m still experiencing r/o

AboutBlank occasionally popping up as my toolbar.

 

[ken545]

Lets run a new scan with OTL, if its still on your desktop drag it to the trash and grab an updated version

OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[renparenp]

Here are the OTL logs:

OTL logfile created on: 20/08/2012 10:10:10 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 469.79 Mb Available Physical Memory | 46.36% Memory free
2.42 Gb Paging File | 1.00 Gb Available in Paging File | 41.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 18.16 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 69 E1 77 6C 7D CD 01 [binary data]
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/19 08:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/19 08:11:00 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/17 11:49:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-960491262-2195050847-907181488-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 10:08:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/19 08:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/18 10:49:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/17 19:06:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 10:08:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/20 08:58:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 08:58:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 08:03:57 | 104,413,376 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/19 23:38:00 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/19 23:24:45 | 000,369,239 | ---- | M] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/19 19:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 18:44:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/19 08:11:25 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/18 22:06:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 15:58:14 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 10:58:07 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/18 10:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 11:49:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 23:24:44 | 000,369,239 | ---- | C] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/18 10:54:28 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/18 10:55:28 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 20/08/2012 10:10:10 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 469.79 Mb Available Physical Memory | 46.36% Memory free
2.42 Gb Paging File | 1.00 Gb Available in Paging File | 41.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 18.16 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-960491262-2195050847-907181488-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105349C1-0DF5-4F23-B8E5-A25BA0C3AD99}" = rport=139 | protocol=6 | dir=out | app=system |
"{23C03F00-485E-4B30-901D-1721449A043D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{270D0449-35AE-468F-95AD-BE39AE069C00}" = lport=138 | protocol=17 | dir=in | app=system |
"{36553287-31AA-46DF-829F-CF9D5B98D1B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{37A20DE8-C155-4175-9297-56621EAB7FE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{473E45D5-85A2-4D56-92D7-2CC6121B432F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{47AFE207-4C35-4B33-9AF5-D1656CD1604B}" = rport=137 | protocol=17 | dir=out | app=system |
"{79FC19AB-9A36-45C3-A0D5-1E0A2A35A856}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CFAD557-2F17-483A-8791-25E41FB6D5E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{7EAD7A08-FC80-4BED-A21B-3D35A6807D23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0860CC3-1193-4250-9571-D688C2B5F7E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{ADECA176-471E-4423-B455-62B649DB6078}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9F8B451-8E1D-4689-92B7-BE1F4F3CBF35}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6A73625-E520-4983-8492-AD3A13B62D84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D91974C0-EFAE-4826-B6B2-7F5856C50202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03806A66-7C4D-46E9-BE2D-C005FE4C8AAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A69EA76-511A-4494-A3A9-7BE4ECEF8532}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1344CF4E-4796-49CE-858D-8390F08D637C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3004DA26-F629-46CA-AA59-2C382F656EAA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{35D371FE-CF52-409E-BC44-32B9A1DE0060}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3A8E9964-3D4A-4386-B5A3-E9D3BCC57EB3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3CA44EEB-0579-438C-9118-A8F0DC288C55}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{434223CE-4F33-4AD0-86B0-091617D11111}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{5A11302B-FDAF-4076-8BD1-7F1F0A28BC81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E5ED51E-DCE3-45BA-A867-49C8BDA90D6B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{64B74BF1-709C-45D7-BAE0-5641884C5572}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77FA1978-84E2-41F2-A950-F1FEC2EF5FE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8072C338-7F4A-4314-9B7F-C67316B8DA85}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9B2F1FC4-B4ED-46D4-A105-759FAB542092}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AB2BFE24-B2ED-4E42-B7D4-1926572F3355}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF11CE5D-A5D9-40E0-BA92-08A798401640}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D29D57D9-F005-4C26-8DFF-6A50AF208FBB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8203CEB-C9FF-43FB-9F59-390251F02B2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{E84D8DF3-B1BE-4598-8E95-670A94D029FD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F1DC7F97-CE7E-4C1D-B987-DD1D19190EF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F76828B2-E6AA-4771-BBF6-7E7C7A8E8E81}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F80E4247-0325-41C9-BEFD-092A35ABE2F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E41E4C4-8C5C-4758-BBDC-30B04F93A23C}" = Mirar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"GoFTP_is1" = GoFTP v2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Poker PlayNow.com" = Poker PlayNow.com
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/08/2012 12:33:20 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1770 Start Time: 01cd78a570bc0680 Termination Time: 118

Error - 12/08/2012 2:39:03 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cbc Start Time: 01cd78b99f4910c3 Termination Time: 28

Error - 13/08/2012 1:28:48 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xc0000005, fault offset 0x0003fc56, process id 0x674, application
start time 0x01cd78d0976f5d23.

Error - 13/08/2012 6:18:51 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2fc0 Start Time: 01cd79a058007a93 Termination Time: 78

Error - 14/08/2012 1:09:25 AM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp
0x4fc9cd53, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000081, process id 0x2d88, application start time
0x01cd79c427343863.

Error - 14/08/2012 5:10:27 PM | Computer Name = Karen-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Failed to get state for bits job HResult:
0x80080008.

Error - 14/08/2012 9:56:23 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ed4 Start Time: 01cd7a890a85b353 Termination Time: 15

Error - 16/08/2012 3:31:52 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b44 Start Time: 01cd7be5b0ace2d9 Termination Time: 150

Error - 17/08/2012 1:19:17 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.57.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1730 Start Time: 01cd7c9c21f3c8f9 Termination Time: 31

Error - 17/08/2012 9:16:04 PM | Computer Name = Karen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16448, time stamp
0x4fecf1b7, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x464, application
start time 0x01cd7cdeff4c26bc.

Error - 18/08/2012 7:44:08 PM | Computer Name = Karen-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 18a0 Start Time: 01cd7d93530e18e8 Termination Time: 187

[ Media Center Events ]
Error - 16/04/2008 2:26:10 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 01/10/2008 1:38:44 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/11/2008 1:22:06 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/01/2009 11:46:54 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/01/2009 8:53:52 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/03/2009 1:14:12 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 10:46:26 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/05/2009 11:38:43 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/06/2009 3:42:09 AM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 08/05/2010 2:51:58 PM | Computer Name = Karen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 15/07/2009 8:01:34 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:02:14 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2009 8:04:26 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/09/2009 8:39:57 PM | Computer Name = Karen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/08/2012 5:32:20 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2012 6:16:33 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/08/2012 6:31:49 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/08/2012 6:40:30 PM | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/08/2012 10:03:28 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2012 10:58:38 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 17/08/2012 11:08:31 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =

Error - 18/08/2012 2:50:18 AM | Computer Name = Karen-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 18/08/2012 2:50:31 AM | Computer Name = Karen-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 18/08/2012 1:55:08 PM | Computer Name = Karen-PC | Source = DCOM | ID = 10010
Description =


< End of report >

 

[ken545]

Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :processes
  killallprocesses
  
  :OTL
  IE - HKLM\..\SearchScopes,DefaultScope = {DBA6049A-AFB7-42CD-963E-32DC8B2FE5D8}
  [2012/08/11 13:36:19 | 000,000,787 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
  [2012/08/11 13:36:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  C:\32788R22FWJFW
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

Then run a new scan with OTL and post the new log. Then do some surfing and see how it goes

 

[renparenp]

Here are the OTL logs:

Did abit of surfing and so far ok.

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk moved successfully.
C:\Users\Public\Desktop\µTorrent.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Karen\Desktop\cmd.bat deleted successfully.
C:\Users\Karen\Desktop\cmd.txt deleted successfully.
C:\32788R22FWJFW folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen
->Temp folder emptied: 608271 bytes
->Temporary Internet Files folder emptied: 1598739683 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 11181056 bytes
->Flash cache emptied: 16726 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 786 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,536.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08202012_111130

Files\Folders moved on Reboot...
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEJPG6BZ\showthread[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL logfile created on: 20/08/2012 11:40:41 AM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 139.97 Mb Available Physical Memory | 13.81% Memory free
2.23 Gb Paging File | 1.04 Gb Available in Paging File | 46.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.58 Gb Total Space | 19.72 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: KAREN-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\885464a66959861e3989120c21a8b1ad\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 69 E1 77 6C 7D CD 01 [binary data]
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/19 08:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/19 08:11:00 | 000,000,000 | ---D | M]

[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2009/07/03 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/11 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/11 13:40:18 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2012/08/20 11:11:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-960491262-2195050847-907181488-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960491262-2195050847-907181488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59404E89-05E5-4783-AA01-6FE99D348ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E2B96E-7FD7-4362-BD71-0C6D17465BC6}: DhcpNameServer = 64.59.160.13 64.59.161.68 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 11:11:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/20 10:08:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/19 08:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/17 19:06:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/14 19:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/14 17:37:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:37:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:37:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:37:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:37:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:36:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 09:59:04 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\AVG
[2012/08/14 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/13 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Apps
[2012/08/13 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\MigWiz
[2012/08/12 13:07:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/12 13:07:03 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/11 21:08:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\CRE
[2012/07/31 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator_files
[2012/07/31 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus_files

========== Files - Modified Within 30 Days ==========

[2012/08/20 11:44:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 11:36:08 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 11:35:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 11:35:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 11:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 11:11:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/20 10:08:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/08/20 08:03:57 | 104,413,376 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/19 23:38:00 | 000,002,517 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/08/19 23:24:45 | 000,369,239 | ---- | M] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/19 19:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 08:11:25 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/18 15:58:14 | 000,131,584 | ---- | M] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 10:58:07 | 000,420,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 22:28:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | M] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | M] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | M] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/14 17:43:20 | 000,453,846 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/14 14:44:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 14:44:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 14:04:28 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/13 12:39:16 | 000,000,954 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 11:22:51 | 000,001,090 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/12 11:22:51 | 000,001,066 | ---- | M] () -- C:\Users\Karen\Desktop\Spybot - Search & Destroy.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | M] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | M] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | M] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:26 | 000,089,174 | ---- | M] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:56:03 | 000,048,358 | ---- | M] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm

========== Files Created - No Company Name ==========

[2012/08/19 23:24:44 | 000,369,239 | ---- | C] () -- C:\Users\Karen\Desktop\C_paper.pdf
[2012/08/14 22:28:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:42:08 | 000,000,924 | ---- | C] () -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/14 19:41:48 | 000,000,744 | ---- | C] () -- C:\Users\Karen\Desktop\NTREGOPT.lnk
[2012/08/14 19:41:48 | 000,000,725 | ---- | C] () -- C:\Users\Karen\Desktop\ERUNT.lnk
[2012/08/11 21:50:01 | 000,000,263 | ---- | C] () -- C:\Users\Karen\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
[2012/08/11 15:23:01 | 000,282,770 | ---- | C] () -- C:\Users\Karen\AppData\Local\census.cache
[2012/08/11 15:22:23 | 000,193,705 | ---- | C] () -- C:\Users\Karen\AppData\Local\ars.cache
[2012/07/31 15:57:23 | 000,089,174 | ---- | C] () -- C:\Users\Karen\Desktop\DIY Skin Care SEA Lab Percentage Calculator.htm
[2012/07/31 15:55:59 | 000,048,358 | ---- | C] () -- C:\Users\Karen\Desktop\Batch Size Calculator - Wholesale Supplies Plus.htm
[2010/12/27 21:49:36 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/27 21:49:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 11:27:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 15:17:51 | 004,146,115 | ---- | C] () -- C:\Users\Karen\IMG_0024.JPG
[2010/07/20 15:55:35 | 000,011,806 | -H-- | C] () -- C:\Users\Karen\ZbThumbnail.info
[2010/07/20 15:55:34 | 002,222,142 | ---- | C] () -- C:\Users\Karen\IMG_0014.JPG
[2009/07/02 20:27:47 | 000,000,036 | ---- | C] () -- C:\Users\Karen\AppData\Local\housecall.guid.cache
[2007/11/06 11:48:03 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/08/28 20:45:27 | 000,131,584 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/14 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG
[2011/10/12 11:57:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\AVG2012
[2007/12/26 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\F-Secure
[2011/02/07 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Gygan
[2008/10/14 23:53:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\HouseCall 6.6
[2010/02/23 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Image Zone Express
[2007/12/26 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\InterVideo
[2011/01/16 12:09:20 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\mjusbsp
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\MusicNet
[2010/06/19 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2007/12/29 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Printer Info Cache
[2011/08/18 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Sammsoft
[2012/08/20 11:11:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2010/07/23 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
[2011/04/12 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Transcend
[2012/08/13 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\uTorrent
[2012/08/20 11:32:45 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >