
Hijack.folderoption


D. Elliot


Hi,

I am having difficulty eliminating an infection classified as Hijack.folderoption. I have run multiple quick scans, each resulting with this malware not being deleted. Initially, it appeared to be quarantined but subsequent scans show it's still there. I'm really not computer savvy, so any help/suggestions would be greatly appreciated. I've copy/pasted the log from the most recent scan.

Thanks in advance!

Database version: 4602

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

13/09/2010 4:14:58 PM

mbam-log-2010-09-13 (16-14-58).txt

Scan type: Quick scan

Objects scanned: 142062

Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Try this:

Copy all the text in the code box into notepad.

Save it as fix.reg

Save as file type > All files

Save it to your desktop

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

If you did it right it will look like this except with a different name:

ScreenShot-crop.jpg

Now double click on it and allow it to merge into the registry.

Reboot and see how it is, MrC
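
An added example, not part of the original posts: a PowerShell check for the registry value that fix.reg deletes, which removes it and then confirms it is gone. The HKLM key is an assumption not mentioned in the thread (the machine-wide location of the same policy), and the function and variable names are made up for this example.

```powershell
# Added example: not code from the thread.
# Looks for the NoFolderOptions policy value that the scan log reports as
# Hijack.FolderOptions, removes it, and re-checks that it is gone.

$valueName  = 'NoFolderOptions'
$policyKeys = @(
    # Key named in the scan log and in fix.reg
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    # Assumption: machine-wide counterpart, not mentioned in the thread.
    # Removing a value here needs an elevated PowerShell session.
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Returns one object per key where the value is currently present.
function Get-FolderOptionsPolicy {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$valueName]) {
            New-Object PSObject -Property @{ Key = $key; Data = $props.$valueName }
        }
    }
}

$found = @(Get-FolderOptionsPolicy)
if ($found.Count -eq 0) {
    Write-Output "$valueName is not set under either Policies\Explorer key."
} else {
    foreach ($hit in $found) {
        Write-Output ("Found {0}\{1} = {2}" -f $hit.Key, $valueName, $hit.Data)
        try {
            # Same effect as the "NoFolderOptions"=- line in fix.reg
            Remove-ItemProperty -LiteralPath $hit.Key -Name $valueName -ErrorAction Stop
        } catch {
            Write-Warning ("Could not remove it from {0}: {1}" -f $hit.Key, $_.Exception.Message)
        }
    }

    # Re-read the registry instead of trusting the delete call.
    $left = @(Get-FolderOptionsPolicy)
    if ($left.Count -eq 0) {
        Write-Output "$valueName removed. Run this check again after the reboot."
    } else {
        Write-Warning "$valueName is still present in $($left.Count) key(s)."
    }
}
```

Running it again after the reboot shows whether the value has come back, which is the symptom described in the first post.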


Hi,

I forgot to paste the last log I received.

Thanks again!

Database version: 4602

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

13/09/2010 9:37:01 PM

mbam-log-2010-09-13 (21-37-01).txt

Scan type: Quick scan

Objects scanned: 142372

Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)


Hi,

I had previously caught something (some sort of trojan/adware) and was using various anti-virus scans (avg, avast and malwarebytes) due to constant warnings from avg. Eventually, the trojans stopped popping up, but malwarebytes kept detecting this hijack.folderoption. Oddly, the other anti-virus software doesn't seem to detect it.


OK, please do this:

1. Download OTL to your Desktop

http://oldtimer.geekstogo.com/OTL.exe

2. Download scan.txt to your Desktop

http://www.geekstogo.com/forum/files/downl...n-file-scantxt/

3. Double click on the OTL icon to run it

4. Click on Minimal Output at the top

5. Double click inside the Custom Scan box at the bottom.

  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open.
  • Writing will now appear under the Custom Scan box

6. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • Make sure all other windows are closed and let it run uninterrupted.

7. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

  • These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

I'm gone for tonight....be back tomorrow, MrC


Ok, here are the files:

OTL.Txt

OTL logfile created on: 9/13/2010 11:52:15 PM - Run 1

OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Day Bduard\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 434.43 Gb Total Space | 335.46 Gb Free Space | 77.22% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DAYBDUARD-PC

Current User Name: Day Bduard

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Day Bduard\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)

PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)

PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)

PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)

PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()

PRC - C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)

========== Modules (SafeList) ==========

MOD - C:\Users\Day Bduard\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxPlugins.dll (AVAST Software)

MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

MOD - C:\Program Files\Internet Explorer\ieproxy.dll (Microsoft Corporation)

MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)

MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)

MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)

MOD - C:\Windows\System32\StructuredQuery.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)

MOD - C:\Windows\System32\SearchFolder.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe File not found

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)

SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)

SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)

SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()

========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found

DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found

DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found

DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software)

DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software)

DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (aswNdis) -- C:\windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)

DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)

DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSCA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSCA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 10:52:10 | 000,000,000 | ---D | M]

[2009/10/29 05:37:40 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Mozilla\Firefox\extensions

[2009/10/29 05:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Day Bduard\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)

O4 - HKLM..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe File not found

O4 - HKLM..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKLM..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKLM..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKLM..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKLM..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found

O4 - HKLM..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found

O4 - HKLM..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe File not found

O4 - HKLM..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found

O4 - HKLM..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found

O4 - HKLM..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe File not found

O4 - HKLM..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe File not found

O4 - HKLM..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe File not found

O4 - HKLM..\Run: [Mquxe] C:\Windows\system.exe File not found

O4 - HKLM..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found

O4 - HKCU..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe File not found

O4 - HKCU..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found

O4 - HKCU..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found

O4 - HKCU..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe File not found

O4 - HKCU..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found

O4 - HKCU..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found

O4 - HKCU..\Run: [LvOWPiejlmc] C:\Users\DAYBDU~1\AppData\Local\Temp\mdm.exe File not found

O4 - HKCU..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe File not found

O4 - HKCU..\Run: [LvOWPiejlora] C:\Users\DAYBDU~1\AppData\Local\Temp\iexplarer.exe File not found

O4 - HKCU..\Run: [LvOWPiejlotc] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LvOWPiejlotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LvOWPiejlotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe File not found

O4 - HKCU..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe File not found

O4 - HKCU..\Run: [LvOWPiejlqvc] C:\Users\DAYBDU~1\AppData\Local\Temp\wininst.exe File not found

O4 - HKCU..\Run: [LvOWPiejlqW] C:\Users\DAYBDU~1\AppData\Local\Temp\drweb.exe File not found

O4 - HKCU..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe File not found

O4 - HKCU..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe File not found

O4 - HKCU..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe File not found

O4 - HKCU..\Run: [Mquxe] C:\Windows\system.exe File not found

O4 - HKCU..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe File not found

O4 - HKCU..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe File not found

O4 - HKCU..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe File not found

O4 - HKCU..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe File not found

O4 - HKCU..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe File not found

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [uqpe] C:\windows\avp.exe File not found

O4 - HKCU..\Run: [uqqZ] C:\windows\cmd.exe File not found

O4 - HKCU..\Run: [uquxe] C:\windows\system.exe File not found

O4 - HKCU..\Run: [uqva] C:\windows\win.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NOFOLDEROPTIONS = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.XVID - xvidvfw.dll File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 23:31:10 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Day Bduard\Desktop\OTL.exe

[2010/09/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live

[2010/09/13 20:08:47 | 000,000,000 | ---D | C] -- C:\avrescue

[2010/09/13 17:10:18 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\Avira

[2010/09/13 17:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/09/13 17:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/09/12 15:53:41 | 000,000,000 | ---D | C] -- C:\Converted Video Files

[2010/09/12 14:34:08 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\Malwarebytes

[2010/09/12 14:33:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2010/09/12 14:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/12 14:33:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010/09/12 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/12 01:04:16 | 000,165,584 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys

[2010/09/12 01:04:16 | 000,017,744 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys

[2010/09/12 01:04:15 | 000,340,048 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys

[2010/09/12 01:04:15 | 000,099,792 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys

[2010/09/12 01:03:41 | 000,190,416 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys

[2010/09/12 01:03:41 | 000,050,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys

[2010/09/12 01:03:41 | 000,046,672 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys

[2010/09/12 01:03:41 | 000,023,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys

[2010/09/12 01:03:08 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys

[2010/09/12 01:03:07 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe

[2010/09/12 01:03:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2010/09/12 01:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/09/12 01:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/09/10 17:02:56 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\SUPERAntiSpyware.com

[2010/09/10 17:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/09/09 21:03:48 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010/09/09 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\HPAppData

[2010/09/08 00:36:25 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\dvdcss

[2010/09/07 00:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/07 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/08/25 21:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Search Settings

[2010/08/25 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar

[2010/08/25 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2010/08/25 21:16:34 | 000,311,296 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\windows\System32\TubeFinder.exe

[2010/08/25 21:16:32 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\FreeFLVConverter

[2010/08/25 21:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter

[2010/08/25 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\Documents\Pazera_Free_FLV_to_AVI_Converter[1]

[2010/08/25 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/08/25 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\Any Flv Converter

[2010/08/25 20:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Any Flv Converter

[2010/08/22 11:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/08/20 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter

[2010/07/15 16:47:50 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll

[2010/07/01 16:18:57 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\Documents\Movies

[2010/06/18 00:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2 C:\Users\Day Bduard\Documents\*.tmp files -> C:\Users\Day Bduard\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/13 23:52:20 | 003,932,160 | -HS- | M] () -- C:\Users\Day Bduard\ntuser.dat

[2010/09/13 23:33:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/13 23:31:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Day Bduard\Desktop\OTL.exe

[2010/09/13 23:00:02 | 000,468,493 | ---- | M] () -- C:\windows\hpoins37.dat

[2010/09/13 22:59:54 | 000,468,493 | ---- | M] () -- C:\windows\hpoins37.dat.temp

[2010/09/13 22:56:31 | 000,000,438 | ---- | M] () -- C:\windows\win.ini

[2010/09/13 22:55:43 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/13 22:55:43 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/13 22:48:44 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/13 22:48:13 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2010/09/13 22:47:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2010/09/13 22:47:54 | 2287,632,384 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/13 22:46:45 | 001,380,885 | -H-- | M] () -- C:\Users\Day Bduard\AppData\Local\IconCache.db

[2010/09/13 20:27:23 | 064,592,103 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm

[2010/09/13 20:23:01 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2010/09/13 20:22:54 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt

[2010/09/12 21:51:51 | 009,054,208 | ---- | M] () -- C:\Users\Day Bduard\Documents\The_End_Of_Heartache.mp3

[2010/09/12 17:10:16 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI

[2010/09/12 17:10:16 | 000,619,642 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2010/09/12 17:10:16 | 000,107,792 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2010/09/12 14:33:57 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/10 23:14:14 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/10 01:17:40 | 000,042,196 | ---- | M] () -- C:\Users\Day Bduard\Documents\Sharaput POL 203 FAll 2010.docx

[2010/09/09 21:04:38 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

[2010/09/09 18:07:39 | 005,322,992 | ---- | M] () -- C:\Users\Day Bduard\Documents\Drake-9am In Dallas.mp3

[2010/09/09 13:02:19 | 000,037,552 | ---- | M] () -- C:\Users\Day Bduard\Documents\CYC347_course_outline_fall_2010.docx

[2010/09/07 19:01:29 | 000,014,074 | ---- | M] () -- C:\Users\Day Bduard\Documents\Obama!!.docx

[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe

[2010/09/07 10:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys

[2010/09/07 10:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys

[2010/09/07 10:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys

[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys

[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys

[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys

[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys

[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys

[2010/09/07 10:24:46 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys

[2010/09/07 00:22:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/25 21:16:36 | 000,001,090 | ---- | M] () -- C:\Users\Day Bduard\Desktop\Free FLV Converter.lnk

[2010/08/24 17:58:35 | 349,478,411 | ---- | M] () -- C:\windows\MEMORY.DMP

[2010/08/22 11:28:37 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/21 14:21:36 | 000,376,032 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2010/08/20 16:53:46 | 000,096,536 | ---- | M] () -- C:\Users\Day Bduard\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/08/08 22:44:54 | 000,011,375 | ---- | M] () -- C:\Users\Day Bduard\Documents\Can you speak more than one language.docx

[2010/08/08 15:59:00 | 000,002,503 | ---- | M] () -- C:\Users\Day Bduard\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/08/08 15:59:00 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/07/26 19:04:42 | 000,001,414 | ---- | M] () -- C:\Users\Day Bduard\Desktop\Continue Flash Player Installation.lnk

[2010/07/23 02:37:16 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\windows\System32\TubeFinder.exe

[2010/07/20 20:45:56 | 000,018,349 | ---- | M] () -- C:\Users\Day Bduard\Documents\WATER.docx

[2010/07/19 23:02:29 | 000,000,162 | -H-- | M] () -- C:\Users\Day Bduard\Documents\~$WATER.docx

[2010/07/18 16:32:51 | 000,001,152 | ---- | M] () -- C:\windows\System32\mapisvc.inf

[2010/07/15 16:47:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys

[2010/07/15 16:47:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll

[2010/07/15 16:46:50 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys

[2010/07/03 12:43:40 | 008,122,287 | ---- | M] () -- C:\Users\Day Bduard\Documents\10 - Circle Of Hell - www.file24ever.com.mp3

[2010/07/03 12:43:40 | 003,827,756 | ---- | M] () -- C:\Users\Day Bduard\Documents\03 - Meet John Constantine - www.file24ever.com.mp3

[2010/07/01 23:22:09 | 004,439,132 | ---- | M] () -- C:\Users\Day Bduard\Documents\JuniorMafiaGetMoney.mp3

[2010/07/01 23:21:23 | 007,355,206 | ---- | M] () -- C:\Users\Day Bduard\Documents\clipse-footsteps__feat_kobe_.mp3

[2010/07/01 23:21:23 | 003,193,820 | ---- | M] () -- C:\Users\Day Bduard\Documents\10 - Clipse - Counseling _Featuring Nicole Hurst_ _Produced By The Neptunes_.mp3

[2010/07/01 23:21:22 | 004,990,945 | ---- | M] () -- C:\Users\Day Bduard\Documents\Clipse - We Got It For Cheap (Intro).mp3

[2010/07/01 23:21:22 | 003,655,622 | ---- | M] () -- C:\Users\Day Bduard\Documents\Clipse_Freedom.mp3

[2010/07/01 22:59:34 | 012,356,527 | ---- | M] () -- C:\Users\Day Bduard\Documents\01 Door Man.mp3

[2010/06/30 22:37:34 | 005,386,951 | ---- | M] () -- C:\Users\Day Bduard\Documents\The Clipse Feat. Pharrell _ Kenna -Life Change.mp3

[2010/06/30 22:37:34 | 005,121,260 | ---- | M] () -- C:\Users\Day Bduard\Documents\The Clipse -Champion.mp3

[2010/06/30 22:37:32 | 004,395,334 | ---- | M] () -- C:\Users\Day Bduard\Documents\Clipse Ft_ Yo Gotti - Showin_ Out _Prod_ .mp3

[2010/06/30 22:37:32 | 004,371,463 | ---- | M] () -- C:\Users\Day Bduard\Documents\The Clipse -There Was A Murder.mp3

[2010/06/30 01:37:51 | 000,016,775 | ---- | M] () -- C:\Users\Day Bduard\Documents\Arts and Crafts.docx

[2010/06/29 21:48:06 | 004,300,757 | ---- | M] () -- C:\Users\Day Bduard\Documents\nas - just a moment (ft. quan).mp3

[2010/06/29 21:47:05 | 012,236,067 | ---- | M] () -- C:\Users\Day Bduard\Documents\06 - Unknown - Track 6.mp3

[2010/06/29 21:47:05 | 011,515,850 | ---- | M] () -- C:\Users\Day Bduard\Documents\07 - Unknown - Track 7.mp3

[2010/06/29 21:47:04 | 009,803,133 | ---- | M] () -- C:\Users\Day Bduard\Documents\02 - Unknown - Track 2.mp3

[2010/06/29 21:47:04 | 008,210,951 | ---- | M] () -- C:\Users\Day Bduard\Documents\drake-forever__feat_lil_wayne__eminem_and_kanye_west_.mp3

[2010/06/29 21:47:04 | 007,287,637 | ---- | M] () -- C:\Users\Day Bduard\Documents\Eminem_-_Taking_My_Ball.mp3

[2010/06/29 21:47:04 | 007,032,172 | ---- | M] () -- C:\Users\Day Bduard\Documents\Eminem_-_Elevator.mp3

[2010/06/29 21:47:04 | 006,174,357 | ---- | M] () -- C:\Users\Day Bduard\Documents\Eminem-BuffaloBill.mp3

[2010/06/28 22:51:06 | 000,012,112 | ---- | M] () -- C:\Users\Day Bduard\Documents\My Opinion.docx

[2010/06/22 14:54:13 | 004,076,254 | ---- | M] () -- C:\Users\Day Bduard\Documents\TearsForFears-HeadOverHeels.mp3

[2 C:\Users\Day Bduard\Documents\*.tmp files -> C:\Users\Day Bduard\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 22:40:18 | 000,000,264 | ---- | C] () -- C:\Users\Day Bduard\AppData\Roaming\WinssCookie.txt

[2010/09/12 21:12:17 | 009,054,208 | ---- | C] () -- C:\Users\Day Bduard\Documents\The_End_Of_Heartache.mp3

[2010/09/12 14:33:57 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/12 01:04:16 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2010/09/10 23:12:14 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/10 01:17:39 | 000,042,196 | ---- | C] () -- C:\Users\Day Bduard\Documents\Sharaput POL 203 FAll 2010.docx

[2010/09/09 21:04:38 | 000,000,005 | ---- | C] () -- C:\zrpt.xml

[2010/09/09 17:35:15 | 005,322,992 | ---- | C] () -- C:\Users\Day Bduard\Documents\Drake-9am In Dallas.mp3

[2010/09/09 12:38:02 | 000,037,552 | ---- | C] () -- C:\Users\Day Bduard\Documents\CYC347_course_outline_fall_2010.docx

[2010/09/07 19:01:28 | 000,014,074 | ---- | C] () -- C:\Users\Day Bduard\Documents\Obama!!.docx

[2010/09/07 00:22:26 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/25 21:16:36 | 000,001,090 | ---- | C] () -- C:\Users\Day Bduard\Desktop\Free FLV Converter.lnk

[2010/08/25 21:16:33 | 000,364,544 | ---- | C] () -- C:\windows\System32\PropertyGrid.ocx

[2010/08/25 21:16:33 | 000,208,500 | ---- | C] () -- C:\windows\System32\ReyXpBasics.tlb

[2010/08/25 21:16:32 | 000,024,576 | ---- | C] () -- C:\windows\System32\ControlSubX.ocx

[2010/08/22 11:28:37 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/08 22:44:53 | 000,011,375 | ---- | C] () -- C:\Users\Day Bduard\Documents\Can you speak more than one language.docx

[2010/07/26 19:04:42 | 000,001,414 | ---- | C] () -- C:\Users\Day Bduard\Desktop\Continue Flash Player Installation.lnk

[2010/07/19 23:02:29 | 000,000,162 | -H-- | C] () -- C:\Users\Day Bduard\Documents\~$WATER.docx

[2010/07/06 01:07:03 | 000,018,349 | ---- | C] () -- C:\Users\Day Bduard\Documents\WATER.docx

[2010/07/01 20:00:45 | 008,122,287 | ---- | C] () -- C:\Users\Day Bduard\Documents\10 - Circle Of Hell - www.file24ever.com.mp3

[2010/07/01 20:00:45 | 003,827,756 | ---- | C] () -- C:\Users\Day Bduard\Documents\03 - Meet John Constantine - www.file24ever.com.mp3

[2010/06/30 01:37:43 | 000,016,775 | ---- | C] () -- C:\Users\Day Bduard\Documents\Arts and Crafts.docx

[2010/06/28 22:51:04 | 000,012,112 | ---- | C] () -- C:\Users\Day Bduard\Documents\My Opinion.docx

[2010/01/12 22:07:03 | 006,694,666 | ---- | C] () -- C:\Users\Day Bduard\AppData\Roaming\UserTile.png

[2010/01/12 21:27:21 | 000,000,070 | ---- | C] () -- C:\windows\A4W.INI

[2010/01/12 17:36:23 | 000,061,440 | ---- | C] () -- C:\windows\System32\cygz.dll

[2009/11/01 08:07:27 | 002,012,153 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/10/29 05:42:14 | 000,057,344 | ---- | C] () -- C:\windows\System32\CMDRedirect.dll

[2009/10/28 11:44:10 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2009/10/28 11:33:02 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2009/10/28 11:26:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll

[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/04/28 07:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/08/25 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Any Flv Converter

[2010/09/14 00:16:11 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Azureus

[2009/10/28 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\CopyTrans

[2010/08/25 21:16:45 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\FreeFLVConverter

[2010/01/02 06:08:34 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Toshiba

[2009/10/28 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\TuneAid

[2009/10/29 05:43:40 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\TuneUpMedia

[2009/10/29 05:42:16 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Twins Software

[2010/01/07 18:03:58 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Ulead Systems

[2009/11/16 01:05:32 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Uniblue

[2009/10/29 04:50:35 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\WildTangent

[2009/10/28 15:19:19 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\WindSolutions

[2010/07/01 11:04:15 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009/08/20 10:00:40 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/09/13 22:47:54 | 2287,632,384 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/29 02:32:52 | 000,551,368 | ---- | M] () -- C:\ituneslib.itl

[2010/09/13 22:47:55 | 3050,176,512 | -HS- | M] () -- C:\pagefile.sys

[2010/09/09 21:04:38 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >

[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2009/07/13 21:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfppw73.dll

[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2009/10/28 12:20:30 | 000,000,221 | -HS- | M] () -- C:\Users\Day Bduard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2010/09/13 23:31:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Day Bduard\Desktop\OTL.exe

[2009/10/29 02:29:41 | 005,517,824 | ---- | M] (Jeffrey Harris) -- C:\Users\Day Bduard\Desktop\SharePod.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2010/08/04 07:20:53 | 000,000,402 | -HS- | M] () -- C:\Users\Day Bduard\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

[2010/09/13 23:00:04 | 002,012,153 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

[2009/06/10 17:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\System32\PerfCenterCpl.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

[2009/10/28 11:36:53 | 000,051,558 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >

[2010/09/13 23:54:20 | 003,932,160 | -HS- | M] () -- C:\Users\Day Bduard\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 02:47:16

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0CB6E0BD

< End of report >


Here are the results from Extras.Txt

OTL Extras logfile created on: 9/13/2010 11:52:15 PM - Run 1

OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Day Bduard\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 434.43 Gb Total Space | 335.46 Gb Free Space | 77.22% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DAYBDUARD-PC

Current User Name: Day Bduard

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{0167F157-DAB9-46b0-86C4-7C66DDA85B48}" = HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{0409c45d-df44-4b98-93b0-572697aa054a}" = F4400

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3

"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


I'm not sure what version of Windows you are running.

ComboFix only runs on XP, Vista and Windows 7 (32-bit only).

If you have Windows 7 64-bit don't run it!

ComboFix must be run from an Administrative account

-------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

ComboFix Guide

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please let me know.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

5. Give it at least 20-30 minutes to finish if needed.

MrC


I'm pretty sure you're running 32-bit, but let's check.

Right click on My Computer and choose Properties > on the General Tab > Under System it should tell you.

Also, please do this:

Please post a HJT log of the system:

You can download the HJT installer HERE:

Double-click HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch HijackThis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.

Copy and paste it into your post.

MrC


Ok, I checked and I am the 32 type. Here are the results from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:55:57 AM, on 14/09/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\helppane.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe

O4 - HKLM\..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe

O4 - HKLM\..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe

O4 - HKLM\..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKLM\..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe

O4 - HKLM\..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe

O4 - HKLM\..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe

O4 - HKLM\..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe

O4 - HKLM\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKLM\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKLM\..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe

O4 - HKLM\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Mquxe] C:\Windows\system.exe

O4 - HKLM\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe

O4 - HKCU\..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe

O4 - HKCU\..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe

O4 - HKCU\..\Run: [LvOWPiejlotc] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [uquxe] C:\windows\system.exe

O4 - HKCU\..\Run: [LvOWPiejlmc] C:\Users\DAYBDU~1\AppData\Local\Temp\mdm.exe

O4 - HKCU\..\Run: [LvOWPiejlqW] C:\Users\DAYBDU~1\AppData\Local\Temp\drweb.exe

O4 - HKCU\..\Run: [uqqZ] C:\windows\cmd.exe

O4 - HKCU\..\Run: [LvOWPiejlora] C:\Users\DAYBDU~1\AppData\Local\Temp\iexplarer.exe

O4 - HKCU\..\Run: [LvOWPiejlqvc] C:\Users\DAYBDU~1\AppData\Local\Temp\wininst.exe

O4 - HKCU\..\Run: [uqva] C:\windows\win.exe

O4 - HKCU\..\Run: [uqpe] C:\windows\avp.exe

O4 - HKCU\..\Run: [LvOWPiejlotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [LvOWPiejlotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [Mquxe] C:\Windows\system.exe

O4 - HKCU\..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe

O4 - HKCU\..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe

O4 - HKCU\..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe

O4 - HKCU\..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe

O4 - HKCU\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe

O4 - HKCU\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe

O4 - HKCU\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe

O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe

O4 - HKCU\..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agrsmsvc.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--

End of file - 17172 bytes

Hi,

Here are the results:

ComboFix 10-09-14.01 - Day Bduard 14/09/2010 13:17:42.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2909.1736 [GMT -4:00]

Running from: c:\users\Day Bduard\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Dealio Toolbar

c:\program files\Dealio Toolbar\IE\4.0.2\config.ini

c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

c:\program files\Dealio Toolbar\Res\amazon.gif

c:\program files\Dealio Toolbar\Res\apple.gif

c:\program files\Dealio Toolbar\Res\barnes.gif

c:\program files\Dealio Toolbar\Res\bestbuy.gif

c:\program files\Dealio Toolbar\Res\dealio_logo.gif

c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif

c:\program files\Dealio Toolbar\Res\ebay.gif

c:\program files\Dealio Toolbar\Res\icon_settings.gif

c:\program files\Dealio Toolbar\Res\macys.gif

c:\program files\Dealio Toolbar\Res\newegg.gif

c:\program files\Dealio Toolbar\Res\overstock.gif

c:\program files\Dealio Toolbar\Res\search-button-hover.gif

c:\program files\Dealio Toolbar\Res\search-button.gif

c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif

c:\program files\Dealio Toolbar\Res\search-chevron.gif

c:\program files\Dealio Toolbar\Res\search_amazon.gif

c:\program files\Dealio Toolbar\Res\search_dealio.gif

c:\program files\Dealio Toolbar\Res\search_ebay.gif

c:\program files\Dealio Toolbar\Res\search_yahoo.gif

c:\program files\Dealio Toolbar\Res\target.gif

c:\program files\Dealio Toolbar\Res\walmart.gif

c:\program files\Dealio Toolbar\Res\widgets.xml

c:\program files\Dealio Toolbar\WidgiHelper.exe

c:\program files\Search Settings

c:\program files\Search Settings\SeARchsettings.dll

c:\program files\Search Settings\SearchSettings.exe

c:\program files\Search Settings\SearchSettingsRes409.dll

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))

.

2010-09-14 17:51 . 2010-09-14 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-14 17:51 . 2010-09-14 17:51 -------- d-----w- c:\users\Day Bduard\AppData\Local\temp

2010-09-14 15:55 . 2010-09-14 15:55 -------- d-----w- c:\program files\Trend Micro

2010-09-14 02:39 . 2010-09-14 02:49 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2010-09-14 00:08 . 2010-09-14 00:08 -------- d-----w- C:\avrescue

2010-09-13 21:10 . 2010-09-13 21:10 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Avira

2010-09-13 21:05 . 2010-09-13 21:05 -------- d-----w- c:\programdata\Avira

2010-09-13 21:05 . 2010-09-13 21:05 -------- d-----w- c:\program files\Avira

2010-09-12 19:53 . 2010-09-14 04:03 -------- d-----w- C:\Converted Video Files

2010-09-12 18:34 . 2010-09-12 18:34 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Malwarebytes

2010-09-12 18:33 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-12 18:33 . 2010-09-12 18:33 -------- d-----w- c:\programdata\Malwarebytes

2010-09-12 18:33 . 2010-09-14 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-12 18:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-12 05:04 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-12 05:04 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-12 05:04 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys

2010-09-12 05:04 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-09-12 05:03 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2010-09-12 05:03 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-12 05:03 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-12 05:03 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-09-12 05:03 . 2010-09-07 14:24 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2010-09-12 05:03 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-12 05:03 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-12 05:03 . 2010-09-12 05:03 -------- d-----w- c:\programdata\Alwil Software

2010-09-12 05:03 . 2010-09-12 05:03 -------- d-----w- c:\program files\Alwil Software

2010-09-10 21:02 . 2010-09-10 21:02 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\SUPERAntiSpyware.com

2010-09-10 21:02 . 2010-09-10 21:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-09-09 17:02 . 2010-09-09 17:02 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\HPAppData

2010-09-08 04:36 . 2010-09-09 01:11 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\dvdcss

2010-09-07 04:21 . 2010-09-07 04:21 -------- d-----w- c:\program files\iPod

2010-09-07 04:21 . 2010-09-07 04:22 -------- d-----w- c:\program files\iTunes

2010-08-26 01:17 . 2010-08-26 01:17 -------- d-----w- c:\program files\Application Updater

2010-08-26 01:16 . 2010-07-23 06:37 311296 ----a-w- c:\windows\system32\TubeFinder.exe

2010-08-26 01:16 . 2009-06-19 23:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL

2010-08-26 01:16 . 2009-06-19 23:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2010-08-26 01:16 . 2010-08-26 01:16 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\FreeFLVConverter

2010-08-26 01:16 . 2010-08-26 01:16 -------- d-----w- c:\program files\Free FLV Converter

2010-08-26 01:16 . 2009-06-19 23:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL

2010-08-26 01:16 . 2009-06-19 23:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL

2010-08-26 01:16 . 2009-06-19 23:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL

2010-08-26 00:59 . 2010-08-26 01:09 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Any Flv Converter

2010-08-26 00:59 . 2010-08-26 01:09 -------- d-----w- c:\program files\Any Flv Converter

2010-08-22 15:28 . 2010-08-22 15:28 -------- d-----w- c:\program files\QuickTime

2010-08-20 20:50 . 2010-08-20 22:02 -------- d-----w- c:\program files\Total Video Converter

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-14 15:04 . 2009-11-01 21:50 468493 ----a-w- c:\windows\hpoins37.dat

2010-09-14 04:16 . 2009-10-29 09:39 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Azureus

2010-09-14 04:15 . 2009-11-15 17:57 -------- d-----w- c:\programdata\Yahoo! Companion

2010-09-12 04:47 . 2009-11-26 18:05 -------- d-----w- c:\programdata\avg9

2010-09-11 18:13 . 2009-10-30 11:00 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\vlc

2010-09-11 03:14 . 2009-08-20 23:23 -------- d-----w- c:\program files\Common Files\Adobe

2010-09-07 04:21 . 2009-10-28 18:48 -------- d-----w- c:\program files\Common Files\Apple

2010-09-01 18:58 . 2009-10-29 09:37 -------- d-----w- c:\program files\Vuze

2010-08-26 01:25 . 2009-11-26 18:06 -------- d-----w- c:\programdata\AVG Security Toolbar

2010-08-20 20:53 . 2009-10-28 16:20 96536 ----a-w- c:\users\Day Bduard\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-12 02:46 . 2009-10-28 15:50 -------- d-----w- c:\program files\Microsoft Works

2010-08-12 02:43 . 2009-10-28 15:51 -------- d-----w- c:\programdata\Microsoft Help

2010-08-08 19:58 . 2009-11-04 21:44 -------- d-----w- c:\program files\Safari

2010-08-02 05:08 . 2010-01-12 20:51 -------- d-----w- c:\program files\DoremiSoft

2010-07-29 06:30 . 2010-08-11 23:13 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30 . 2010-08-11 23:13 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-07-15 20:47 . 2009-11-26 18:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 20:47 . 2010-07-15 20:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 20:46 . 2009-11-26 18:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 06:25 . 2010-08-11 23:13 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-22 02:47 . 2010-08-11 23:13 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-22 02:47 . 2010-08-11 23:13 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-22 02:47 . 2010-08-11 23:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-06-19 06:33 . 2010-08-11 23:13 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-19 06:33 . 2010-08-11 23:13 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:23 . 2010-08-11 23:13 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-06-19 04:07 . 2010-08-11 23:13 2326016 ----a-w- c:\windows\system32\win32k.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]

[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]

[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-10 464264]

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-10 234888]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:16]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

HKCU-Run-Uquxe - c:\windows\system.exe

HKCU-Run-UqqZ - c:\windows\cmd.exe

HKCU-Run-Uqva - c:\windows\win.exe

HKCU-Run-Uqpe - c:\windows\avp.exe

HKCU-Run-Mquxe - c:\windows\system.exe

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe

HKLM-Run-Mquxe - c:\windows\system.exe

AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000020

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\sppsvc.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\system32\igfxext.exe

c:\program files\AVG\AVG9\avgtray.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnscfg.exe

.

**************************************************************************

.

Completion time: 2010-09-14 14:06:38 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-14 18:06

Pre-Run: 360,252,047,360 bytes free

Post-Run: 361,870,483,456 bytes free

- - End Of File - - B9E5B8D773CF25E08DEE43BF03D1F157

Hi,

Here are the results (fingers crossed)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:36:57 PM, on 14/09/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\windows\system32\Dwm.exe

C:\windows\system32\taskhost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\Explorer.exe

C:\windows\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG9\avgui.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe

O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agrsmsvc.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--

End of file - 11741 bytes


OK, go to your Control Panel's Add/Remove Programs and uninstall Application Updater. <----malware

----------------------------

Run HJT and fix these:

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe

O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot and post a fresh HJT log, MrC


I just followed through with the other instructions in regards to HJT. Here are the results:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:25:28 PM, on 14/09/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agrsmsvc.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--

End of file - 10907 bytes
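
One way to check a follow-up HijackThis log against the earlier one, as an added example (not code from this thread or from HijackThis): it flags O4 Run entries whose value name is shaped like a browser User-Agent string and whose target sits directly in C:\Windows, the pattern shared by the entries listed for fixing above, then reports which of them are still present. The regex heuristics and function names are assumptions; the sample lines are excerpts copied from the two logs in this thread.

```python
import re

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Heuristic (assumption): value name shaped like a Firefox User-Agent string
UA_NAME_RE = re.compile(r"^\w+/\d+\.\d+ \(Windows;.*\) Gecko/\d+ Firefox/[\d.]+$")
# Heuristic (assumption): executable sitting directly in C:\Windows, no subfolder
WINROOT_EXE_RE = re.compile(r'^"?C:\\Windows\\[^\\"]+\.exe"?$', re.IGNORECASE)

# Excerpts copied from the two logs in this thread (first scan, then post-fix scan)
BEFORE = r"""
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe
O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe
O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe
O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe
"""

def parse_o4(log_text):
    """Return (hive, value_name, command) for every O4 Run line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def suspicious(entries):
    """Keep entries matching both heuristics: UA-like name and C:\\Windows root exe."""
    return [e for e in entries
            if UA_NAME_RE.match(e[1]) and WINROOT_EXE_RE.match(e[2])]

def persisted(before, after):
    """Flagged entries from the first log that are still in the follow-up log."""
    still = set(suspicious(parse_o4(after)))
    return [e for e in suspicious(parse_o4(before)) if e in still]

if __name__ == "__main__":
    for hive, name, cmd in persisted(BEFORE, AFTER):
        print(f"still present: {hive} Run [{name}] -> {cmd}")
```

On these excerpts the one flagged entry that remains in the follow-up log is the HKCU value pointing at C:\Windows\cmd.exe.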
