
Infected with Trojan Crypt.AJZT and many others.. maybe..


MBware


Help! I have run a ton of different anti-virus programs trying to kill this infestation: AVG, Avast, Avira, Kaspersky, DRWeb, ESET, F-Prot... to name a few... main issue is the computer turns off while scanning or blocks scanning... it has also stolen my network password and added it to some key ring... changed password.. anyway here's some found viruses in the infecting file:

Trojan.Click2 - AVG, Arcavir

Crypt.AJZT (64 bit, infected registry keys) - AVG

W32/Backdoor2.HJZG -- Use Commtouch, F-Prot, Authentium

Troj/Keygen-GV - Sophos

HackTool.Keygen!O9+5af6Bu28 - VirusBuster

Trojan/Win32.Genome.ymdi - Antiy

BAT/HostsChanger.A application - NOD32

TROJ_SPNR.08JR11 - Trend Micro

Suspected files and entries:

Crypt.PKO in registry

YMERemote

csrss.exe

atieclxx.exe

winlogon.exe

cryptdlg.exe

bcrypt32.dll

cryptocme2.dll

cryptbase.dll

cryptsp.dll

cryptxml.dll

Infections Reported: Trojan Crypt.AJZT (on the loose somewhere)

Heur.Generic,Dialer.15 in C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\TC0034620\TC00346200B.EXE<ZIP>:tinstall.exe (replaced)

Downloader.Riskware.Popcap.B in C:Windows\Downloaded Program Files\popcaploader,dll (deleted)

E_SE14C.tmp.vir (quarantined)

Here's my DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1

Run by Lisa at 21:13:02 on 2013-01-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.2201 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uDefault_Page_URL = hxxp://start.toshiba.com/g/

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe

uRun: [EPSON1574D8 (Epson Stylus NX420)] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\windows\TEMP\E_SE14C.tmp" /EF "HKCU"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{362C9586-D96A-4566-97CD-9ADB030ECEF8} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{362C9586-D96A-4566-97CD-9ADB030ECEF8}\16474777966696 : DHCPNameServer = 192.168.5.1

TCP: Interfaces\{362C9586-D96A-4566-97CD-9ADB030ECEF8}\7596C616E6462457464697 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{362C9586-D96A-4566-97CD-9ADB030ECEF8}\A5960707564696479744F6F64416 : DHCPNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

x64-Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-6-23 75904]

R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-6-23 38016]

R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-11-29 30568]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-23 9216]

S1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

S1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

S2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-6-23 203776]

S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-1-22 71600]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-22 44808]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-23 126392]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-29 711112]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]

S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter_hs.sys [2012-8-23 18456]

S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-23 38096]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-4 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-23 243712]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-23 1109096]

S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-23 51576]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-4 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-4 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-26 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

.bat: <filetype is not registered>

.cmd: <filetype is not registered>

.com: <filetype is not registered>

.exe: <filetype is not registered>

.chm: <filetype is not registered>

.ini: <filetype is not registered>

.inf: <filetype is not registered>

.

=============== Created Last 30 ================

.

2013-01-23 19:13:08 -------- d-----w- C:\Users\Lisa\AppData\Roaming\ArcaBit

2013-01-23 07:59:55 -------- d-----w- C:\Program Files (x86)\ESET

2013-01-23 07:40:28 -------- d-----w- C:\Users\Lisa\AppData\Roaming\QuickScan

2013-01-23 06:59:56 -------- d-----w- C:\Program Files\Defraggler

2013-01-23 05:31:35 -------- d-----w- C:\Program Files\CCleaner

2013-01-23 02:41:55 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-01-23 02:41:23 41224 ----a-w- C:\windows\avastSS.scr

2013-01-23 02:40:53 -------- d-----w- C:\ProgramData\AVAST Software

2013-01-23 02:40:53 -------- d-----w- C:\Program Files\AVAST Software

2013-01-23 01:44:06 -------- d-----w- C:\Users\Lisa\Doctor Web

2013-01-22 10:39:22 -------- d-----w- C:\Users\Lisa\AppData\Roaming\FRISK Software

2013-01-22 10:26:28 -------- d-----w- C:\ProgramData\FRISK Software

2013-01-22 10:23:28 -------- d-----w- C:\Users\Lisa\AppData\Roaming\ArcaVirMicroScan

2013-01-22 03:20:53 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-01-21 21:13:22 -------- d-----w- C:\ProgramData\HitmanPro

2013-01-21 20:37:06 -------- d-----w- C:\Users\Lisa\AppData\Roaming\Malwarebytes

2013-01-21 20:36:52 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-09 05:19:36 424448 ----a-w- C:\windows\System32\KernelBase.dll

2013-01-09 05:13:16 750592 ----a-w- C:\windows\System32\win32spl.dll

2013-01-09 05:13:16 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 04:58:13 800768 ----a-w- C:\windows\System32\usp10.dll

2013-01-09 04:58:13 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2013-01-09 04:50:55 68608 ----a-w- C:\windows\System32\taskhost.exe

2013-01-09 04:50:53 3149824 ----a-w- C:\windows\System32\win32k.sys

2013-01-09 04:13:17 2002432 ----a-w- C:\windows\System32\msxml6.dll

2013-01-09 04:13:16 1882624 ----a-w- C:\windows\System32\msxml3.dll

2013-01-09 04:13:16 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-09 04:13:15 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-09 04:12:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-01-09 04:12:20 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-02 20:31:57 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99D51E8E-B0BF-4FCA-9E48-7CF7A2D706E9}\mpengine.dll

.

==================== Find3M ====================

.

2013-01-17 03:58:17 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-17 03:58:17 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:45:01 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-16 05:33:24 111968 ----a-w- C:\windows\System32\drivers\avgmfx64.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

.

============= FINISH: 21:14:29.96 ===============

attach.txt.zip


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


Thanks for the welcome and thank you for your help. :)

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

CF said AVG was running... but I could find no active AVG services running in Safe Mode... so I ran CF anyway... here's the log:

ComboFix 13-01-23.01 - Lisa 01/24/2013   1:06.1.2 - x64 MINIMAL

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.2097 [GMT -6:00]

Running from: c:\users\Lisa\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\Cache

c:\windows\SysWow64\Cache\1608f76803940ed6.fb

c:\windows\SysWow64\Cache\272512937d9e61a4.fb

c:\windows\SysWow64\Cache\287204568329e189.fb

c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb

c:\windows\SysWow64\Cache\2c53092c95605355.fb

c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb

c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb

c:\windows\SysWow64\Cache\3917078cb68ec657.fb

c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb

c:\windows\SysWow64\Cache\610289e025a3ee9a.fb

c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb

c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\SysWow64\Cache\6d03dad1035885d3.fb

c:\windows\SysWow64\Cache\a6d5c8e21f7513ad.fb

c:\windows\SysWow64\Cache\a8556537add6dfc5.fb

c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb

c:\windows\SysWow64\Cache\c1fa887b03019701.fb

c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb

c:\windows\SysWow64\Cache\d201ef9910cd39de.fb

c:\windows\SysWow64\Cache\d2e94710a5708128.fb

c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb

c:\windows\SysWow64\Cache\f1db5155dd8062c3.fb

c:\windows\SysWow64\Cache\f998975c9cc711ee.fb

c:\windows\SysWow64\tmpE37B.tmp

c:\windows\SysWow64\tmpE38C.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2012-12-24 to 2013-01-24  )))))))))))))))))))))))))))))))

.

.

2013-01-24 07:17 . 2013-01-24 07:17 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-01-24 07:17 . 2013-01-24 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-23 19:13 . 2013-01-23 19:13 -------- d-----w- c:\users\Lisa\AppData\Roaming\ArcaBit

2013-01-23 07:59 . 2013-01-23 07:59 -------- d-----w- c:\program files (x86)\ESET

2013-01-23 07:40 . 2013-01-23 07:40 -------- d-----w- c:\users\Lisa\AppData\Roaming\QuickScan

2013-01-23 06:59 . 2013-01-23 06:59 -------- d-----w- c:\program files\Defraggler

2013-01-23 05:31 . 2013-01-23 05:31 -------- d-----w- c:\program files\CCleaner

2013-01-23 02:41 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-01-23 02:41 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2013-01-23 02:41 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr

2013-01-23 02:41 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2013-01-23 02:40 . 2013-01-23 02:40 -------- d-----w- c:\programdata\AVAST Software

2013-01-23 02:40 . 2013-01-23 02:40 -------- d-----w- c:\program files\AVAST Software

2013-01-23 01:44 . 2013-01-23 01:44 -------- d-----w- c:\users\Lisa\Doctor Web

2013-01-22 10:39 . 2013-01-22 10:39 -------- d-----w- c:\users\Lisa\AppData\Roaming\FRISK Software

2013-01-22 10:26 . 2013-01-22 10:26 -------- d-----w- c:\programdata\FRISK Software

2013-01-22 10:23 . 2013-01-23 17:18 -------- d-----w- c:\users\Lisa\AppData\Roaming\ArcaVirMicroScan

2013-01-22 03:20 . 2013-01-22 03:20 -------- d-----w- c:\programdata\Kaspersky Lab

2013-01-21 21:13 . 2013-01-21 21:36 -------- d-----w- c:\programdata\HitmanPro

2013-01-21 20:37 . 2013-01-21 20:37 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes

2013-01-21 20:36 . 2013-01-21 20:36 -------- d-----w- c:\programdata\Malwarebytes

2013-01-09 05:19 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-09 05:13 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 05:13 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 04:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 04:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-09 04:50 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

<div>2013-01-09 04:50 . 2012-11-23 03:26<span class="Apple-tab-span" style="white-space:pre"> </span>3149824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div>

<div>2013-01-09 04:13 . 2012-11-01 05:43<span class="Apple-tab-span" style="white-space:pre"> </span>2002432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msxml6.dll</div>

<div>2013-01-09 04:13 . 2012-11-01 05:43<span class="Apple-tab-span" style="white-space:pre"> </span>1882624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msxml3.dll</div>

<div>2013-01-09 04:13 . 2012-11-01 04:47<span class="Apple-tab-span" style="white-space:pre"> </span>1389568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\msxml6.dll</div>

<div>2013-01-09 04:13 . 2012-11-01 04:47<span class="Apple-tab-span" style="white-space:pre"> </span>1236992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\msxml3.dll</div>

<div>2013-01-09 04:12 . 2012-11-20 05:48<span class="Apple-tab-span" style="white-space:pre"> </span>307200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ncrypt.dll</div>

<div>2013-01-09 04:12 . 2012-11-20 04:51<span class="Apple-tab-span" style="white-space:pre"> </span>220160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\ncrypt.dll</div>

<div>2013-01-02 20:31 . 2012-11-19 07:01<span class="Apple-tab-span" style="white-space:pre"> </span>9125352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows Defender\Definition Updates\{99D51E8E-B0BF-4FCA-9E48-7CF7A2D706E9}\mpengine.dll</div>

<div>.</div>

<div>.</div>

<div>.</div>

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-17 03:58 . 2012-05-12 08:52  697864  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-17 03:58 . 2011-10-10 08:12  74248  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-16 23:31 . 2011-08-30 02:47  67599240  ----a-w-  c:\windows\system32\MRT.exe

2012-12-16 17:11 . 2012-12-21 09:00  46080  ----a-w-  c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 09:00  367616  ----a-w-  c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 09:00  295424  ----a-w-  c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 09:00  34304  ----a-w-  c:\windows\SysWow64\atmlib.dll

2012-11-30 04:45 . 2013-01-09 05:19  44032  ----a-w-  c:\windows\apppatch\acwow64.dll

2012-11-30 03:45 . 2012-11-30 03:45  30568  ----a-w-  c:\windows\system32\drivers\avgtpx64.sys

2012-11-16 05:33 . 2012-11-16 05:33  111968  ----a-w-  c:\windows\system32\drivers\avgmfx64.sys

2012-11-14 07:06 . 2012-12-13 09:00  17811968  ----a-w-  c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 09:00  10925568  ----a-w-  c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 09:01  2312704  ----a-w-  c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 09:01  1346048  ----a-w-  c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 09:01  1392128  ----a-w-  c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 09:01  1494528  ----a-w-  c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 09:01  237056  ----a-w-  c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 09:01  85504  ----a-w-  c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 09:01  816640  ----a-w-  c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 09:01  599040  ----a-w-  c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 09:01  173056  ----a-w-  c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 09:01  2144768  ----a-w-  c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 09:01  729088  ----a-w-  c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 09:01  96768  ----a-w-  c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 09:01  2382848  ----a-w-  c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 09:01  248320  ----a-w-  c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 09:01  1800704  ----a-w-  c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 09:01  1427968  ----a-w-  c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 09:01  1129472  ----a-w-  c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 09:01  142848  ----a-w-  c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 09:01  420864  ----a-w-  c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 09:01  2382848  ----a-w-  c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 03:05  2048  ----a-w-  c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 03:05  2048  ----a-w-  c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-13 02:59  478208  ----a-w-  c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-13 02:59  376832  ----a-w-  c:\windows\SysWow64\dpnet.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-12-01 02:57  1796552  ----a-w-  c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-12-01 1796552]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-23 39408]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-30 1020512]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-12-01 997320]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-30 711112]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-07-07 18456]

R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-30 30568]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt  REG_MULTI_SZ     hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-23 20:29  1607120  ----a-w-  c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 03:58]

.

2013-01-23 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-23 23:50]

.

2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 18:34]

.

2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-23 18:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-09-28 566184]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 508216]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-05-10 915320]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-24  01:22:02

ComboFix-quarantined-files.txt  2013-01-24 07:22

.

Pre-Run: 261,573,742,592 bytes free

Post-Run: 261,425,504,256 bytes free

.

- - End Of File - - C5D7BFC7568EF6481DD3AB8E2BB391E2


Hey MBware. :)

ComboFix didn't show anything.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Hi DarkKnight :)

Here's OTL.txt:

OTL logfile created on: 1/24/2013 7:44:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 84.66% Memory free

5.20 Gb Paging File | 4.81 Gb Available in Paging File | 92.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 243.57 Gb Free Space | 85.38% Space Free | Partition Type: NTFS

Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.33% Space Free | Partition Type: FAT32

Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/02/10 13:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/20 15:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/01/16 21:58:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/29 21:45:01 | 000,711,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/06/19 16:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/02/03 13:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2010/07/01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/29 21:45:01 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/07/07 15:13:40 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)

DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/14 13:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/02/10 14:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/02/10 13:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/01/05 02:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/11 13:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/05 08:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/05 08:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/10/08 12:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1F9E9423-B107-44C1-BE87-14027CC5AF36}

IE:64bit: - HKLM\..\SearchScopes\{1F9E9423-B107-44C1-BE87-14027CC5AF36}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {8AB49EF4-15AA-4603-89E6-BE80A39A7E9A}

IE - HKLM\..\SearchScopes\{8AB49EF4-15AA-4603-89E6-BE80A39A7E9A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig

IE - HKCU\..\SearchScopes,DefaultScope = {0A76D96A-B815-4836-9599-F3C7DE490E32}

IE - HKCU\..\SearchScopes\{0A76D96A-B815-4836-9599-F3C7DE490E32}: "URL" = http://www.google.co...&rlz=1I7TSNF_en

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....24,17118,0,18,0

IE - HKCU\..\SearchScopes\{8AB49EF4-15AA-4603-89E6-BE80A39A7E9A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\..\SearchScopes\{94FF9FD0-2985-4063-B8D3-2CDEF0EC07B8}: "URL" = http://websearch.ask...C9-B88C2A74CE8A

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-11-29 21:45:35&v=13.2.0.4&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/30 20:57:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/04 01:57:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/04 01:57:41 | 000,000,000 | ---D | M]

[2012/06/15 17:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://start.toshiba.com/g/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://start.toshiba.com/g/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RivalGaming = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\

CHR - Extension: Anna Sui = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\

CHR - Extension: avast! WebRep = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: Skype Click to Call = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

CHR - Extension: AVG Secure Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\

CHR - Extension: AVG Secure Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak

CHR - Extension: Bitdefender QuickScan = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\

O1 HOSTS File: ([2013/01/24 01:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)

O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{362C9586-D96A-4566-97CD-9ADB030ECEF8}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/06 06:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/01/24 07:40:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe

[2013/01/24 07:37:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/24 01:22:06 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/01/24 01:03:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/01/24 01:03:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/01/24 01:03:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/01/24 00:37:18 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/24 00:37:02 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/01/23 19:24:41 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Lisa\Desktop\SpyHunter-Installer.exe

[2013/01/23 19:24:33 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe

[2013/01/23 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\AV logs

[2013/01/23 13:31:22 | 065,273,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe

[2013/01/23 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\ArcaBit

[2013/01/23 01:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/01/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\QuickScan

[2013/01/23 00:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2013/01/23 00:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler

[2013/01/22 23:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/01/22 23:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/01/22 20:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/01/22 20:41:55 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2013/01/22 20:41:54 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2013/01/22 20:41:23 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2013/01/22 20:41:22 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2013/01/22 20:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/01/22 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/01/22 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Doctor Web

[2013/01/22 04:39:22 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\FRISK Software

[2013/01/22 04:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FRISK Software

[2013/01/22 04:23:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\ArcaVirMicroScan

[2013/01/21 21:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2013/01/21 15:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/01/21 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes

[2013/01/21 14:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/15 00:43:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\blanco

[2013/01/14 13:20:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Geneva

[2013/01/12 14:47:21 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Comfort

[2013/01/12 14:45:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\App Info

[2013/01/12 14:44:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Pearsall ISD

[2013/01/11 10:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/01/08 23:59:11 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll

[2013/01/08 23:59:11 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll

[2013/01/08 23:59:11 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll

[2013/01/08 23:59:11 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs

[2013/01/08 23:59:11 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs

[2013/01/08 23:59:11 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs

[2013/01/08 23:59:11 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs

[2013/01/08 23:59:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs

[2013/01/08 23:59:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs

[2013/01/08 23:59:11 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs

[2013/01/08 23:59:11 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs

[2013/01/08 23:59:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs

[2013/01/08 23:59:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs

[2013/01/08 23:59:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs

[2013/01/08 23:59:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs

[2013/01/08 23:59:11 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs

[2013/01/08 23:59:11 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs

[2013/01/08 23:59:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs

[2013/01/08 23:59:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs

[2013/01/08 23:59:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs

[2013/01/08 23:59:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs

[2013/01/08 23:59:11 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs

[2013/01/08 23:59:11 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs

[2013/01/08 23:59:10 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll

[2013/01/08 23:59:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs

[2013/01/08 23:59:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs

[2013/01/08 23:59:09 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs

[2013/01/08 23:59:09 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs

[2013/01/08 23:59:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs

[2013/01/08 23:59:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs

[2013/01/08 23:59:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs

[2013/01/08 23:59:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs

[2013/01/08 23:19:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2013/01/08 23:19:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2013/01/08 23:19:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2013/01/08 23:19:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2013/01/08 23:19:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2013/01/08 23:19:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2013/01/08 23:19:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2013/01/08 23:19:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2013/01/08 23:19:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2013/01/08 23:19:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/08 23:19:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/08 23:19:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/08 23:19:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2013/01/08 23:19:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/08 23:19:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/08 23:19:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/08 23:19:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2013/01/08 23:19:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2013/01/08 23:19:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/08 23:19:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/08 23:19:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/08 23:19:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/08 23:19:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/08 23:19:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2013/01/08 23:13:16 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2013/01/08 23:13:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2013/01/08 22:58:13 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll

[2013/01/08 22:50:55 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe

[2013/01/08 22:12:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2013/01/05 16:03:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\crafts

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/24 07:41:25 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/01/24 07:41:25 | 000,624,606 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/01/24 07:41:25 | 000,106,724 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/24 07:37:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/24 07:36:35 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/24 01:17:12 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/01/23 15:35:09 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/23 15:29:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/23 15:05:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/01/23 14:32:39 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/23 14:32:39 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/23 04:00:14 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe

[2013/01/23 00:12:02 | 000,002,276 | ---- | M] () -- C:\Users\Lisa\Documents\cc_20130123_001059_regbu.reg

[2013/01/22 23:53:30 | 000,102,684 | ---- | M] () -- C:\Users\Lisa\Documents\cc_20130122_235139_regbu.reg

[2013/01/22 20:41:56 | 000,000,350 | -H-- | M] () -- C:\windows\tasks\avast! Emergency Update.job

[2013/01/22 20:41:55 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2013/01/22 01:16:43 | 000,007,609 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg

[2013/01/21 16:29:33 | 000,000,526 | ---- | M] () -- C:\Users\Lisa\Documents\AVGReport012113.csv

[2013/01/16 21:58:17 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2013/01/16 21:58:17 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/15 21:13:08 | 012,737,460 | ---- | M] () -- C:\Users\Lisa\Documents\Israel101.pdf

[2013/01/14 14:01:26 | 000,688,601 | ---- | M] () -- C:\Users\Lisa\Desktop\Substitute w CH & DPS Form as of 5-16-2011.pdf

[2013/01/14 13:58:36 | 000,021,446 | ---- | M] () -- C:\Users\Lisa\Desktop\sub app for kerrville.pdf

[2013/01/14 13:41:57 | 000,154,667 | ---- | M] () -- C:\Users\Lisa\Desktop\SUBTEACHER_INSTRUCTIONS_2011_2012_FINAL.pdf

[2013/01/14 13:36:09 | 000,233,198 | ---- | M] () -- C:\Users\Lisa\Desktop\MVsubstituteapp.pdf

[2013/01/14 13:35:36 | 000,219,544 | ---- | M] () -- C:\Users\Lisa\Desktop\MVProfessionalApp.pdf

[2013/01/14 13:28:30 | 000,129,965 | ---- | M] () -- C:\Users\Lisa\Desktop\Teacher App for Hondo.pdf

[2013/01/14 13:26:28 | 000,174,893 | ---- | M] () -- C:\Users\Lisa\Desktop\Sub Teacher App for Hondo.pdf

[2013/01/13 17:53:06 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2013/01/11 10:38:31 | 000,000,428 | ---- | M] () -- C:\windows\SysWow64\userawacs.cfg

[2013/01/09 13:22:12 | 000,419,208 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/01/03 09:17:14 | 003,059,586 | ---- | M] () -- C:\Users\Lisa\Documents\Attachments_201313.zip

[2012/12/31 18:19:46 | 000,252,106 | ---- | M] () -- C:\Users\Lisa\Documents\Aluminum Crochet Hook Case2.pdf

[2012/12/28 20:00:37 | 000,250,962 | ---- | M] () -- C:\Users\Lisa\Documents\Aluminum Crochet Hook Case.pdf

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/24 01:03:25 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/01/24 01:03:25 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/01/24 01:03:25 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/01/24 01:03:25 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/01/24 01:03:25 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/01/23 00:11:22 | 000,002,276 | ---- | C] () -- C:\Users\Lisa\Documents\cc_20130123_001059_regbu.reg

[2013/01/22 23:52:55 | 000,102,684 | ---- | C] () -- C:\Users\Lisa\Documents\cc_20130122_235139_regbu.reg

[2013/01/22 20:41:56 | 000,000,350 | -H-- | C] () -- C:\windows\tasks\avast! Emergency Update.job

[2013/01/22 20:41:54 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2013/01/22 01:16:43 | 000,007,609 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg

[2013/01/21 16:29:32 | 000,000,526 | ---- | C] () -- C:\Users\Lisa\Documents\AVGReport012113.csv

[2013/01/15 21:13:01 | 012,737,460 | ---- | C] () -- C:\Users\Lisa\Documents\Israel101.pdf

[2013/01/14 14:01:25 | 000,688,601 | ---- | C] () -- C:\Users\Lisa\Desktop\Substitute w CH & DPS Form as of 5-16-2011.pdf

[2013/01/14 13:58:36 | 000,021,446 | ---- | C] () -- C:\Users\Lisa\Desktop\sub app for kerrville.pdf

[2013/01/14 13:41:57 | 000,154,667 | ---- | C] () -- C:\Users\Lisa\Desktop\SUBTEACHER_INSTRUCTIONS_2011_2012_FINAL.pdf

[2013/01/14 13:36:09 | 000,233,198 | ---- | C] () -- C:\Users\Lisa\Desktop\MVsubstituteapp.pdf

[2013/01/14 13:35:36 | 000,219,544 | ---- | C] () -- C:\Users\Lisa\Desktop\MVProfessionalApp.pdf

[2013/01/14 13:28:30 | 000,129,965 | ---- | C] () -- C:\Users\Lisa\Desktop\Teacher App for Hondo.pdf

[2013/01/14 13:26:28 | 000,174,893 | ---- | C] () -- C:\Users\Lisa\Desktop\Sub Teacher App for Hondo.pdf

[2013/01/13 17:53:06 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2013/01/03 09:15:09 | 003,059,586 | ---- | C] () -- C:\Users\Lisa\Documents\Attachments_201313.zip

[2012/12/31 18:19:46 | 000,252,106 | ---- | C] () -- C:\Users\Lisa\Documents\Aluminum Crochet Hook Case2.pdf

[2012/12/28 20:00:37 | 000,250,962 | ---- | C] () -- C:\Users\Lisa\Documents\Aluminum Crochet Hook Case.pdf

[2012/12/04 02:24:25 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl46.dat.temp

[2012/12/04 01:49:48 | 000,205,954 | ---- | C] () -- C:\windows\hpoins46.dat

[2012/12/04 01:49:47 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl46.dat

[2012/08/23 11:07:41 | 000,584,584 | ---- | C] () -- C:\windows\adb.exe

[2012/06/19 09:47:09 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/03/17 20:33:26 | 000,000,000 | ---- | C] () -- C:\windows\pcfriend.INI

[2011/06/23 11:59:09 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

[2011/06/23 11:52:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011/06/23 11:49:07 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.*

>

[2010/11/20 21:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2011/03/29 21:11:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/01/24 01:22:03 | 000,023,860 | ---- | M] () -- C:\ComboFix.txt

[2013/01/24 07:36:35 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/24 07:36:37 | 2792,218,624 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s

>

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

>

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Thank you for your help... Extras.txt Coming up! :)


BTW, the computer hasn't turned off once during these scans like it did on some of the previously mentioned OP scans.... very happy :)

Here's Extras.txt:

OTL Extras logfile created on: 1/24/2013 7:44:37 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 84.66% Memory free

5.20 Gb Paging File | 4.81 Gb Available in Paging File | 92.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 243.57 Gb Free Space | 85.38% Space Free | Partition Type: NTFS

Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.33% Space Free | Partition Type: FAT32

Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0337C64F-6A92-47B3-927B-CDBCA5C5EAD2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0C1D92CA-B7A6-420F-9061-07B912EAB55D}" = rport=139 | protocol=6 | dir=out | app=system |

"{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{224193F7-0870-4648-82B8-C3140CFAB527}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2743A00E-6C3E-4589-AB9E-74E834F27708}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{283327B1-9515-4F48-82A4-A301B3E9CF70}" = lport=445 | protocol=6 | dir=in | app=system |

"{4EA36EE6-EE52-4D20-8112-75418ACFD0D6}" = rport=445 | protocol=6 | dir=out | app=system |

"{57EFA9DF-8940-49E7-BC84-A202B6A73803}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{6909280F-3D7E-44F7-8512-B0EEE87A2F11}" = lport=137 | protocol=17 | dir=in | app=system |

"{6C26FDBD-1BED-4134-9F4E-828CD0D820DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{6E1B9F8C-6369-459A-95A8-B2C3607760AE}" = rport=137 | protocol=17 | dir=out | app=system |

"{72745708-D263-41E2-9995-DF58A025A1B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7C51CAEA-B197-4859-8F36-803B8292919D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{81B5EB84-DE28-457C-8A04-B88721ECF81A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{97E10AEC-E676-4869-A1E6-939EE193F2E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9D1185B5-17C6-45FA-9590-C4CB27CF461A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9EE5D4C0-23E8-4BEE-8D7E-27523702FB83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A4523107-E99E-464C-B002-6CE467C54185}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A5D2D391-FF6A-4FFB-847F-8C4B97FC0F3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BBDF510F-AA84-480C-AEAB-FC71E44A4970}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{BC612719-0B1E-4C79-9607-569C5F0AC2D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C1C824F9-83E1-45AA-A089-6A6A171DC139}" = lport=138 | protocol=17 | dir=in | app=system |

"{D27B2DBD-B6C1-4833-83D7-95A225E1B8F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D987AE2D-D891-49F4-AF7E-3DD246728A53}" = lport=139 | protocol=6 | dir=in | app=system |

"{DE9EAD11-1301-4295-A45B-337048A9AABF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{EC70626C-BA50-412C-8437-D238BF9EA3F2}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{097193B2-FE0C-46C6-9415-FBC4F10B34EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{1100304C-76BC-429D-A451-9A336005EEFB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{11EA93C7-CC3B-4CAC-A3D6-96B431BC5971}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{12A8A0CF-F012-48D4-9FA1-F2302A98FA3E}" = protocol=17 | dir=in | app=c:\users\lisa\downloads\arcavirmicroscan\arcavirmicroscan.exe |

"{17773F92-2070-4D22-AE44-CF92C5D11168}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{186DAD89-65B8-4DE8-A089-2AF748DE0CFE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{1A376488-ADF6-485D-B283-25C676E0546A}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{1DBA8A47-F650-467D-AF52-4211490D7AE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{1EE6AAD7-2198-42BD-A059-1C6120A806B0}" = protocol=6 | dir=in | app=c:\users\lisa\downloads\arcavirmicroscan\arcavirmicroscan.exe |

"{1FFAF595-E186-4CA8-8750-1CB603399DB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{201F87A0-E1D5-41D0-BB34-3C41A12E0DCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{25CF76B2-60FF-4742-B8ED-69262EDDD99A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{295125B4-7B27-4229-8C04-887F37A1D536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2ADCBED1-00B9-4CAF-97F2-930A6F407ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{3789168C-A6DF-4B59-AA0D-3A521A753556}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{38BBF3CD-759A-414F-ADFC-1337B6722F10}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{3F54B3FD-D043-4984-9DCA-E0A69E5FD287}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{42191BBD-0BDF-4692-9269-C1B97B50055F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4301AB04-01C6-4787-9255-0E61771CE664}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4D57B99E-4DE8-40A2-9B12-3FD0E60B1368}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{566C1B4A-F3ED-4242-8411-AE3061EAEE57}" = protocol=6 | dir=out | app=system |

"{5A150D30-01C9-402E-98F0-A0F00FEB791B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{6112F631-3AE3-470D-8BDE-ED496FB4B1F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{645113FA-2DC8-4CCF-9764-6E49CEA75795}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6B778E5A-C5C8-491F-9F0B-A0C12BA39DE7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{6E396C71-90B5-472D-B5CE-665D25A6A61E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{703942DC-27BE-4F05-B98C-24511EE251F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{76EB5B79-CDC0-4103-B85A-3A573ED27506}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{7FEA760F-9826-4559-9FF6-5D29B5D78588}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{89020E52-5B3C-461A-B5DB-CCD7676F1F82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8DD434E7-E306-4B57-823F-715E7A2A9E05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{8E5F646E-622F-41BA-A63E-15DCA0939E3E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9CD03D9A-C930-4D36-A8E7-AC98738E4564}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{9D020B05-E9E5-43FC-8B17-107BE3AD11B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{A12ECB27-A378-48A6-8A3A-C01F377CF5E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{A6D5B3C3-769E-4AFE-A7B2-5B022D278F39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{AA9495BF-457B-4ACA-87CE-E0D761B364DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AB5EEF8B-F013-4B33-903F-E168EF871866}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{AE82C774-891B-4D41-AD2C-3091BB5FC48E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B10D3D51-E137-40A5-9A80-9626F8B6178E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B1382468-13EB-4D4A-9004-A167A0C1DD87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B7895A6B-8A48-4951-B577-553FEC4E8341}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{BC49480C-544C-4FA6-83AE-542205AA6B19}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{BF6C89B7-24B9-4931-8A46-981778F98B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C0739F8E-7855-4485-B308-0C6C4562FE04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{C237BA7C-5D9E-470B-8C26-5B8C36C2672C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C7C4F350-C4D8-4467-AF1D-3CDDA6DAAFBE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{CF427DF6-CC09-40B3-B9C3-E9DB2536572D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{CFAF0864-10DA-4D35-8B27-406DD70C28A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{D3F2F6B2-C38F-429A-8524-997E2ED620BD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{E3A2E524-BF6A-46B8-A4AF-E2F326B97409}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E8100047-519F-47E1-BA21-20341313229D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{E98C8106-F5C1-4841-A65E-0F6399B9E0DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ED5049A9-4BEC-48EA-92E5-9D5EB43AE6C1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{F722C72B-23E9-4ABD-BD2C-257DA79D083D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{FCB8509E-0F79-402D-837D-1FEA59469693}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"TCP Query User{AF2B64B8-4FDB-4C20-A87C-B2DF9F0DCF66}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{EA6598A6-F436-4B6B-A651-AD2B516A2E39}C:\users\lisa\downloads\arcavirmicroscan\arcavirmicroscan.exe" = protocol=6 | dir=in | app=c:\users\lisa\downloads\arcavirmicroscan\arcavirmicroscan.exe |

"UDP Query User{61321115-2CAD-41B3-9830-9964D99F167C}C:\users\lisa\downloads\arcavirmicroscan\arcavirmicroscan.exe" = protocol=17 | dir=in | app=c:\users\lisa\downloads\arcavirmicroscan\arcavirmicroscan.exe |

"UDP Query User{A0D73A1C-0116-4261-A0AB-7D6DAFD7D98F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013

"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"AVG" = AVG 2013

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Defraggler" = Defraggler

"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01

"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish

"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5

"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links

"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2

"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French

"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian

"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek

"{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish

"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian

"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian

"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI

"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common

"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}" = KODAK Share Button App

"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0C8BC0A-B0E7-4F39-848C-C5B06021B702}" = Hidden Mysteries - White House

"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"avast" = avast! Free Antivirus

"AVG Secure Search" = AVG Security Toolbar

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"Hidden Mysteries Civil War" = Hidden Mysteries Civil War

"Hidden Mysteries Titanic" = Hidden Mysteries Titanic

"Hidden Mysteries Vampire Secrets" = Hidden Mysteries Vampire Secrets

"HP Photo Creations" = HP Photo Creations

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"NortonPCCheckup" = Toshiba Laptop Checkup

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"OpenAL" = OpenAL

"PCFriendly" = PCFriendly

"PROR" = Microsoft Office Professional 2007

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"4 Elements" = 4 Elements

"The Lost Inca Prophecy" = The Lost Inca Prophecy

"Twistingo" = Twistingo

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/23/2013 5:35:07 PM | Computer Name = Lisa-PC | Source = CVHSVC | ID = 100

Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error - 1/23/2013 5:35:55 PM | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/23/2013 6:58:54 PM | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/23/2013 9:02:03 PM | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/23/2013 9:10:49 PM | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/23/2013 10:12:35 PM | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/24/2013 3:03:30 AM | Computer Name = Lisa-PC | Source = VSS | ID = 18

Description =

Error - 1/24/2013 3:03:30 AM | Computer Name = Lisa-PC | Source = VSS | ID = 8193

Description =

Error - 1/24/2013 3:03:30 AM | Computer Name = Lisa-PC | Source = System Restore | ID = 8193

Description =

Error - 1/24/2013 9:38:22 AM | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 9/1/2012 6:30:10 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 5:30:07 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 9/7/2012 9:56:50 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 8:56:29 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 10/6/2012 4:22:33 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 3:22:33 PM - Failed to retrieve Directory (Error: Unable to connect

to the remote server)

Error - 10/6/2012 4:23:37 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 3:23:16 PM - Failed to retrieve NetTV (Error: Unable to connect to

the remote server)

Error - 10/6/2012 4:24:19 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 3:23:58 PM - Failed to retrieve MCEClientUX (Error: Unable to connect

to the remote server)

Error - 10/6/2012 4:25:01 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 3:24:40 PM - Failed to retrieve SportsSchedule (Error: Unable to connect

to the remote server)

Error - 10/6/2012 4:25:43 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 3:25:22 PM - Failed to retrieve SportsV2 (Error: Unable to connect

to the remote server)

Error - 10/6/2012 4:26:13 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0

Description = 3:26:04 PM - Failed to retrieve Broadband (Error: Unable to connect

to the remote server)

[ OSession Events ]

Error - 9/8/2011 2:38:18 PM | Computer Name = Lisa-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 224

seconds with 180 seconds of active time. This session ended with a crash.

Error - 9/8/2011 2:41:07 PM | Computer Name = Lisa-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27

seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/9/2012 5:48:39 AM | Computer Name = Lisa-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 263

seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 1/24/2013 9:37:38 AM | Computer Name = Lisa-PC | Source = DCOM | ID = 10005

Description =

Error - 1/24/2013 9:37:39 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 1/24/2013 9:37:39 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 1/24/2013 9:37:39 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 1/24/2013 9:37:39 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 1/24/2013 9:37:39 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 1/24/2013 9:37:39 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 1/24/2013 9:38:51 AM | Computer Name = Lisa-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 1/24/2013 9:38:52 AM | Computer Name = Lisa-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 1/24/2013 9:39:09 AM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7001

Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery

Provider Host service which failed to start because of the following error: %%1068

< End of report >

Thank you again... :)

Link to post
Share on other sites

Good morning MBware,

There are signs of the AVG Security Toolbar in your log. This toolbar comes bundled with Yahoo! and makes changes to your browser settings without your consent. Please see here for more information. I recommend you remove it.

I also see the Yahoo! Toolbar in your log. This toolbar comes bundled with other third party applications you may not want installed. Please see here for more information. I recommend you remove it.

Please go to Start>Control Panel>Programs and uninstall the following programs (if present):

  • AVG Security Toolbar
  • Yahoo! Companion
  • Yahoo! Toolbar

Please restart your computer after these program removals.

=====

Next, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKCU\..\SearchScopes\{94FF9FD0-2985-4063-B8D3-2CDEF0EC07B8}: "URL" = http://websearch.ask...C9-B88C2A74CE8A
    IE - HKCU\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

BTW, the computer hasn't turned off once during these scans like it did on some of the previously mentioned OP scans.... very happy

Good to hear. I haven't seen any of the trojans you mentioned however.

Also, please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

=====

In your reply please provide the contents of the OTL fix log and the AVP log. Do any issues remain?

Link to post
Share on other sites

Removed AVG Security Toolbar...

No entry for Yahoo Toolbar in Programs, checked browsers for Add On/Extension Removal... no Yahoo Toolbar. Removed "Rival Gaming" Toolbar though.

Is this the right OTL log?:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acbd5593-e5ee-4c15-b48f-1823ce819dec}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94FF9FD0-2985-4063-B8D3-2CDEF0EC07B8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94FF9FD0-2985-4063-B8D3-2CDEF0EC07B8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

File ptyTemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01242013_171411

----------------------------

I think some of the text in the code you gave me is getting messed up because I'm having to go back and forth from a Mac to Windows... :(

Also the Power Off thing is still happening... especially when I turn on the microwave??? Did the "virus" mess with the Power settings on the computer?

Will try running Kaspersky Removal Tool now... brb... :)

Link to post
Share on other sites
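The fix log in the post above contains the entry `File ptyTemp] not found.`, while the fix script ended with `[EmptyTemp]`. As an added example (not part of the thread and not OTL's own code), this Python sketch parses result lines in the format shown in that log and flags any `File ... not found` entry whose target is really the tail of a script directive, which is what a clipped paste looks like. The function names are hypothetical; the script and log lines are a subset copied from the posts.

```python
import re
from collections import Counter

# Directives from the fix script and result lines from the fix log, both copied
# from the posts above (a subset of the registry lines is enough here).
FIX_SCRIPT = r"""
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Commands
[EmptyTemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acbd5593-e5ee-4c15-b48f-1823ce819dec}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
File ptyTemp] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 01242013_171411
"""

# Result line shape as it appears in the log above: <kind> <target> <outcome>.
RESULT = re.compile(
    r"(Registry key|Registry value|File) (.+) (deleted successfully|not found)\."
)


def parse_fix_log(log_text):
    """Return (kind, target, outcome) for every result line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = RESULT.fullmatch(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def script_commands(script_text):
    """Return the bracketed directives listed under the :Commands header."""
    commands, in_commands = [], False
    for line in script_text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_commands = line.lower() == ":commands"
        elif in_commands and line.startswith("[") and line.endswith("]"):
            commands.append(line)
    return commands


def clipped_commands(script_text, log_text):
    """Find directives that reached the tool with leading characters missing.

    In the log above the clipped directive was read as a file name, so it
    appears as a 'File ... not found' entry whose target is the tail of a
    directive from the script rather than a path.
    """
    findings = []
    for kind, target, outcome in parse_fix_log(log_text):
        if kind != "File" or outcome != "not found":
            continue
        for cmd in script_commands(script_text):
            if cmd != target and cmd.endswith(target):
                findings.append((cmd, target, cmd[: len(cmd) - len(target)]))
    return findings


def outcome_counts(log_text):
    """Tally results so 'not found' entries stand out from real deletions."""
    return Counter((kind, outcome) for kind, _, outcome in parse_fix_log(log_text))


if __name__ == "__main__":
    for cmd, seen, lost in clipped_commands(FIX_SCRIPT, FIX_LOG):
        print(f"{cmd} arrived as {seen!r} (lost {lost!r}) and was read as a file name")
    for (kind, outcome), n in sorted(outcome_counts(FIX_LOG).items()):
        print(f"{n} x {kind}: {outcome}")
```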

Hi DarkKnight :)

Phwew that Kaspersky scan took a while... :wacko:

BTW, I noticed that there are 3 partitions on this Toshiba Satellite laptop... the first one has the Toshiba Restore stuff on it, the second has the main Windows 7 OS and User Data, and the third said Windows 7 too??? Does this matter?

I ended up scanning the drive twice in Safe Mode... forgot the settings you asked for the first time. :(

The first one is attached.. (forum wouldn't let me post it pasted in... too long... :unsure:)

AVP-Kaspersky1.txt.zip

The second one (full scan in Safe Mode with the settings you asked for) is 180 MB or so... I zipped it... attached....

Do I need to scan in Windows 7 Normal Mode too? I've been afraid to load the full system and go online with the laptop after that password hijack...

Thank you so so much for your help... :wub:

AVP-Kaspersky2.txt.zip


Link to post
Share on other sites

Good afternoon MBware. :)

Is this the right OTL log?

Yup, certainly is.

Also the Power Off thing is still happening... especially when I turn on the microwave??? Did the "virus" mess with the Power settings on the computer?

Do you mean when you physically turn on the microwave? That could indicate a power issue in your house potentially. Or your microwave could be causing a power trip.

BTW, I noticed that there are 3 partitions on this Toshiba Satellite laptop... the first one has the Toshiba Restore stuff on it, the second has the main Windows 7 OS and User Data, and the third said Windows 7 too??? Does this matter?

What this means is that somewhere along the line a Windows installation was either completed or left unfinished. It doesn't matter per se but it is probably taking up a little of your hard drive space. When your computer seems clean I can help you remove the extra one if you like.

Do I need to scan in Windows 7 Normal Mode too? I've been afraid to load the full system and go online with the laptop after that password hijack...

No it is fine. The scans didn't find anything of concern.

But this tool should help.

Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator).

  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your Desktop and zip and attach it in your next reply.

Link to post
Share on other sites

Hi DarkKnight :),

I can't thank you enough for your help... :)

Do you mean when you physically turn on the microwave? That could indicate a power issue in your house potentially. Or your microwave could be causing a power trip.

Yes... it's an RV... yet the Mac has no issues with such Power Surges and neither did the Windows laptop before the "virus". (both are plugged into the same battery backup and surge protector.) Could it be the microwave RF waves? Or maybe the difference in the Power Settings created by the "virus"?

Anyhoo.. here's the HitmanPro log you requested and one done a few days before. Hope this helps... You are a Saint... :)

First..

---------------------------------------------------------------------------



HitmanPro 3.7.0.185

www.hitmanpro.com



Computer name . . . . : LISA-PC

Windows . . . . . . . : 6.1.1.7601.X64/2

User name . . . . . . : Lisa-PC\Lisa

UAC . . . . . . . . . : Enabled

License . . . . . . . : Free



Scan date . . . . . . : 2013-01-21 15:20:03

Scan mode . . . . . . : Normal

Scan duration . . . . : 5m 10s

Disk access mode . . : Direct disk access (SRB)

Cloud . . . . . . . . : Internet

Reboot . . . . . . . : No



Threats . . . . . . . : 0

Traces . . . . . . . : 39



Objects scanned . . . : 1,338,006

Files scanned . . . . : 37,416

Remnants scanned . . : 320,757 files / 979,833 keys



Potential Unwanted Programs _________________________________________________



HKLM\SOFTWARE\Classes\s\ (Softonic)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)

HKU\S-1-5-21-3568213546-2640584038-1690092593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ (Blekko)



Cookies _____________________________________________________________________



C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.jiwire.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:cdn.uc.atwola.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:timeinc.122.2o7.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com

------------------------------------------------------------

Second...

------------------------------------------------------------



HitmanPro 3.7.0.185

www.hitmanpro.com



Computer name . . . . : LISA-PC

Windows . . . . . . . : 6.1.1.7601.X64/2

Safe Mode Boot . . . : MINIMAL

User name . . . . . . : Lisa-PC\Lisa

UAC . . . . . . . . . : Disabled

License . . . . . . . : Free



Scan date . . . . . . : 2013-01-24 22:53:32

Scan mode . . . . . . : Normal

Scan duration . . . . : 2m 56s

Disk access mode . . : Direct disk access (SRB)

Cloud . . . . . . . . : No connection

Reboot . . . . . . . : No



Threats . . . . . . . : 0

Traces . . . . . . . : 4



Objects scanned . . . : 1,261,988

Files scanned . . . . : 13,600

Remnants scanned . . : 273,690 files / 974,698 keys



Cookies _____________________________________________________________________



C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:eset.122.2o7.net

C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com





-------------------------------------------------------------------------------

Hope I did it right..... Thank you! :)

Link to post
Share on other sites

Hey MBware,

You did fine. Not sure about the power issue; maybe it will disappear when the computer seems clean.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Hi DarkKnight,

Tried to run ESET again in Windows 7 Normal Mode last night while I slept (USA Central Time)... worked fine except computer went to sleep and stalled the scan which it hasn't done before... something must have changed the power settings back to a default ??? Stopped the scan when I saw your post above and moved on to avast!

BTW, ESET did find a password protected .rar file it couldn't scan...

Did a Root scan with avast!... no threats found... now doing a full boot scan...

Will post results shortly... :)

Link to post
Share on other sites

whew... ok... here are logs from avast! scans...

==============================================

avast! Antirootkit, version 1.0

Scan started: Friday, January 25, 2013 3:46:01 PM


===========================================================

Full Boot Scan

============================================================

01/22/2013 21:23

Scan of all local drives

File C:\Windows\Temp\Low\MSI\SkypeToolbars.msi|>FileIeAddonIconIco.B42772A4_1C26_461F_81F6_13E4A2E8DE85 Error 42127 {CAB archive is corrupted.}

File C:\Windows\Temp\Low\MSI\SkypeToolbars.msi|>FileIeAddonIconIcox64.B42772A4_1C26_461F_81F6_13E4A2E8DE85 Error 42127 {CAB archive is corrupted.}

Number of searched folders: 35077

Number of tested files: 554296

Number of infected files: 0

----------------------------------------

01/25/2013 13:55

Scan of all local drives

Number of searched folders: 32807

Number of tested files: 501321

Number of infected files: 0

==========================================

And full root scan log attached.... ty :)

aswAr1.txt.zip

Link to post
Share on other sites

Hi DarkKnight:),

The computer is running fine. Except for the power issues which I feel were triggered by the virus. Is there some way to check to see if power settings have been hacked or restore the applicable files? Something like this: http://forums.toshiba.com/t5/Computer-Troubleshooting/P775-driver-power-state-failure/td-p/293374

I can run the computer fine now w/o crashing except for a microwave power surge or putting the battery back in. :( I feel the ComBatt.sys or something to do with power settings was hacked.

What do you think?

Link to post
Share on other sites

Good evening MBware,

Well, this isn't something I have heard of before, but let's see if we can change it.

Have you tried plugging it into a powerpoint away from the microwave? I suggest doing that for 24 hours and see if the issue still continues.

Link to post
Share on other sites

I tried charging the battery and then booting from battery and AC adapter. No luck. I reinstalled the Microsoft ACPI Battery driver and was then finally able to boot with the battery in. I tried booting in Safe Mode with network support and battery in and it shut down again.

I'm ordering a better power adapter to make sure that's not an issue. Will post back then.

Thank you so much for your help... :)

Link to post
Share on other sites

This topic is now closed to further replies.