
hi guys, Badly Infected System, Please help!?


This topic is locked

#1 zzedexx
Member, 37 posts
Hi, hope someone can help me + thanks in advance.

Have had an epic battle just to get this system stable/workable enough to join and post here!

A while ago I noticed that Windows updates wouldn't (never?) install for some reason.
Then, maybe a week or two ago, I started getting random bluescreen/system crashes + AVG warnings about malware being detected... :)

The major problems started after I tried to download a file via a site that I thought was like MediaFire, but noticed something dodgy was going on: it was taking a long time and the file wouldn't save as expected.

Got a chance the other day to start running scans and try to do something about it.

Whatever is/was on here has been some nasty stuff.

I've had all sorts of probs running scans, and at one point was hardly able to get a login to complete.
Have had exes blocked and Start Menu stuff disappear (files seem to have been 'hidden').

Finally managed to run VipreRESCUE9160 and Malwarebytes via 'right click / Run as Admin' and things have improved, but I need to find what else is still on here and try to get this system back to being 'okay'/safe again!

Just ran a QUICK SCAN using OTL:

Here is the log:


OTL logfile created on: 2011,05,03 03:21:29 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\end user\Desktop\iN
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy,MM,dd

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 67.20 Gb Free Space | 14.83% Space Free | Partition Type: NTFS

Computer Name: BEUCEPHALUS | User Name: end user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011,05,01 00:16:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
PRC - [2011,04,13 21:53:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011,01,07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011,01,07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011,01,06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010,12,05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010,12,05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010,10,22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009,11,22 01:52:16 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009,11,06 03:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009,10,31 11:20:10 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2009,10,31 06:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009,10,30 08:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009,10,29 14:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009,10,29 13:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009,10,29 05:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009,10,27 04:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009,10,24 15:28:58 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009,10,07 03:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009,10,03 07:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009,09,29 08:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009,07,30 10:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009,07,29 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009,07,29 08:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009,07,23 07:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009,07,22 05:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009,07,14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009,07,14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009,07,14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009,01,14 15:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011,05,01 00:16:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
MOD - [2009,07,14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009,10,22 04:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009,08,28 04:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009,07,14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010,12,08 04:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010,11,12 13:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010,11,09 14:56:12 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010,09,13 15:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010,09,07 03:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010,09,07 03:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010,08,19 20:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010,08,19 20:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010,08,19 20:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009,11,14 09:07:04 | 009,927,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009,10,27 06:39:04 | 000,125,696 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009,10,03 07:33:24 | 000,862,208 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009,09,25 11:54:26 | 000,169,320 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009,09,24 04:25:18 | 000,120,432 | -H-- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009,09,18 06:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009,09,15 08:29:36 | 000,049,400 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009,09,10 15:31:48 | 000,102,912 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009,09,04 15:12:40 | 000,180,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009,08,22 07:24:04 | 000,066,592 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009,08,06 06:55:08 | 000,061,168 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009,07,31 15:02:34 | 000,036,208 | -H-- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009,07,31 11:45:56 | 000,022,912 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009,07,29 14:01:26 | 000,069,480 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009,07,25 09:57:06 | 000,275,536 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009,07,25 05:31:58 | 000,021,608 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009,07,15 09:28:42 | 000,023,512 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009,07,14 16:13:10 | 000,015,216 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009,07,14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009,07,14 09:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009,07,14 08:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009,06,30 10:16:22 | 000,013,120 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009,06,30 04:25:24 | 000,030,272 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009,06,30 04:17:00 | 000,059,904 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009,06,23 11:04:58 | 000,024,064 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009,06,20 13:31:08 | 000,012,920 | -H-- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009,06,20 03:57:20 | 000,079,872 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009,06,20 03:56:48 | 000,042,472 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009,06,18 05:59:46 | 000,046,984 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009,06,12 07:05:04 | 000,626,688 | -H-- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009,05,20 15:59:00 | 000,011,776 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008,04,25 12:16:00 | 000,005,632 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011,04,13 02:25:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011,04,13 21:53:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011,04,13 21:53:55 | 000,000,000 | ---D | M]

[2010,12,02 12:14:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Extensions
[2011,05,02 15:14:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions
[2011,02,23 10:31:06 | 000,000,000 | -H-D | M] (Download Manager Tweak) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011,04,13 03:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011,04,13 02:25:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011,04,13 21:53:51 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011,04,13 21:53:51 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011,04,13 21:53:51 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011,04,13 21:53:51 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [swg] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009,06,11 07:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011,05,02 03:18:38 | 000,000,000 | -H-D | C] -- C:\Windows Recovery
[2011,05,01 10:40:12 | 000,000,000 | -H-D | C] -- C:\Users\end user\AppData\Roaming\Malwarebytes
[2011,05,01 10:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011,05,01 10:39:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011,05,01 10:39:48 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011,05,01 10:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011,05,01 00:52:24 | 000,098,392 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011,05,01 00:52:24 | 000,027,984 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\sbbd.exe
[2011,05,01 00:52:07 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2011,05,01 00:37:47 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,29 12:11:24 | 000,000,000 | -H-D | C] -- C:\Users\end user\Desktop\HAND#
[2011,04,28 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\KPR
[2011,04,28 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\WiLDCATS
[2011,04,19 11:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011,04,18 23:56:57 | 000,000,000 | -H-D | C] -- C:\windows\Sun
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011,05,03 03:22:00 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011,05,03 03:22:00 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011,05,03 03:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At4.job
[2011,05,03 02:40:00 | 000,000,920 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004UA.job
[2011,05,03 02:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At3.job
[2011,05,03 01:00:01 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At2.job
[2011,05,03 00:44:01 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At1.job
[2011,05,03 00:09:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011,05,02 23:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At24.job
[2011,05,02 22:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At23.job
[2011,05,02 21:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At22.job
[2011,05,02 20:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At21.job
[2011,05,02 19:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At20.job
[2011,05,02 18:00:01 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At19.job
[2011,05,02 17:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At18.job
[2011,05,02 16:00:01 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At17.job
[2011,05,02 14:51:35 | 000,011,174 | -HS- | M] () -- C:\ProgramData\5oh7603awd86
[2011,05,02 14:51:33 | 000,011,174 | -HS- | M] () -- C:\Users\end user\AppData\Local\5oh7603awd86
[2011,05,02 08:33:57 | 113,928,874 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011,05,02 08:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At9.job
[2011,05,02 07:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At8.job
[2011,05,02 06:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At7.job
[2011,05,02 05:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At6.job
[2011,05,02 04:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At5.job
[2011,05,02 03:18:40 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~20438792r
[2011,05,02 03:18:40 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~20438792
[2011,05,02 03:18:38 | 000,000,586 | -H-- | M] () -- C:\Windows Recovery.lnk
[2011,05,02 03:18:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\20438792
[2011,05,01 22:56:39 | 000,711,442 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011,05,01 22:56:39 | 000,139,504 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011,05,01 15:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At16.job
[2011,05,01 14:40:00 | 000,000,868 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004Core.job
[2011,05,01 14:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At15.job
[2011,05,01 13:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At14.job
[2011,05,01 12:00:01 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At13.job
[2011,05,01 11:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At12.job
[2011,05,01 00:38:44 | 000,000,000 | -H-- | M] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,05,01 00:36:24 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | M] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,30 10:00:00 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At11.job
[2011,04,30 09:11:12 | 000,000,340 | -H-- | M] () -- C:\windows\tasks\At10.job
[2011,04,29 12:32:14 | 000,000,939 | -H-- | M] () -- C:\Users\end user\IMAGES.lnk
[2011,04,29 12:09:57 | 000,001,499 | -H-- | M] () -- C:\Users\end user\Desktop\#.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | M] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:55:38 | 000,212,355 | ---- | M] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,19 16:31:13 | 000,017,408 | -H-- | M] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,15 17:43:47 | 000,154,909 | -H-- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011,04,13 03:13:42 | 000,001,932 | -H-- | M] () -- C:\Users\end user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011,04,13 03:04:41 | 000,016,274 | ---- | M] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011,05,02 08:52:59 | 000,011,174 | -HS- | C] () -- C:\Users\end user\AppData\Local\5oh7603awd86
[2011,05,02 03:18:40 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~20438792r
[2011,05,02 03:18:40 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~20438792
[2011,05,02 03:18:38 | 000,000,586 | -H-- | C] () -- C:\Windows Recovery.lnk
[2011,05,02 03:18:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\20438792
[2011,05,02 00:23:44 | 000,011,174 | -HS- | C] () -- C:\ProgramData\5oh7603awd86
[2011,05,01 00:38:44 | 000,000,000 | -H-- | C] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | C] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | C] () -- C:\Users\end user\IMAGES.lnk
[2011,04,29 12:06:31 | 000,001,499 | -H-- | C] () -- C:\Users\end user\Desktop\#.lnk
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At24.job
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At23.job
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At22.job
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At21.job
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At20.job
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At19.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At9.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At8.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At7.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At6.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At5.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At4.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At3.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At18.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At17.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At16.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At15.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At14.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At13.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At12.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At11.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At10.job
[2011,04,26 02:59:08 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At2.job
[2011,04,26 02:59:08 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At1.job
[2011,04,26 02:58:53 | 000,000,112 | -H-- | C] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:50:55 | 000,212,355 | ---- | C] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,18 11:26:24 | 000,017,408 | -H-- | C] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,13 03:04:41 | 000,016,274 | ---- | C] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[2010,03,11 16:37:27 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2010,03,11 16:22:35 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010,03,11 16:15:54 | 000,000,852 | -H-- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010,03,11 16:15:54 | 000,000,096 | -H-- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010,03,11 16:11:50 | 000,045,056 | -H-- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009,11,13 21:08:56 | 000,040,588 | -H-- | C] () -- C:\windows\System32\nvcoproc.bin
[2009,08,03 18:21:54 | 000,197,912 | -H-- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009,07,14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009,07,14 14:33:53 | 000,446,904 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009,07,14 12:05:48 | 000,711,442 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009,07,14 12:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009,07,14 12:05:48 | 000,139,504 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009,07,14 12:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009,07,14 12:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009,07,14 12:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009,07,14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009,07,14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009,07,14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009,06,11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009,04,28 22:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010,12,02 11:18:59 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\AVG10
[2011,05,01 00:46:04 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\foobar2000
[2010,07,01 08:45:38 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Toshiba
[2010,06,06 04:14:07 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Ulead Systems
[2011,04,29 16:32:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\uTorrent
[2010,08,17 17:23:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Vodafone
[2010,04,18 04:23:43 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\WildTangent
[2011,05,03 00:44:01 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At1.job
[2011,04,30 09:11:12 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At10.job
[2011,04,30 10:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At11.job
[2011,05,01 11:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At12.job
[2011,05,01 12:00:01 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At13.job
[2011,05,01 13:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At14.job
[2011,05,01 14:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At15.job
[2011,05,01 15:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At16.job
[2011,05,02 16:00:01 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At17.job
[2011,05,02 17:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At18.job
[2011,05,02 18:00:01 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At19.job
[2011,05,03 01:00:01 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At2.job
[2011,05,02 19:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At20.job
[2011,05,02 20:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At21.job
[2011,05,02 21:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At22.job
[2011,05,02 22:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At23.job
[2011,05,02 23:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At24.job
[2011,05,03 02:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At3.job
[2011,05,03 03:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At4.job
[2011,05,02 04:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At5.job
[2011,05,02 05:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At6.job
[2011,05,02 06:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At7.job
[2011,05,02 07:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At8.job
[2011,05,02 08:00:00 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At9.job
[2011,05,02 19:45:21 | 000,024,680 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Hope you guys can help and tell me what I need to do next!

thanks for taking the time to read this!

xo

Zed



#2
Homburg (Trusted Helper, Malware Removal, 665 posts)
Hello zzedexx and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
zzedexx (Topic Starter, Member, 37 posts)
hey hey!

thanks for helping!

:)

Zed

#4
Homburg (Trusted Helper, Malware Removal, 665 posts)
Hello zzedexx

Please do the following:

========
Step 1
========

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O35 - HKLM\..exefile [open] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
    [2011,05,02 14:51:35 | 000,011,174 | -HS- | M] () -- C:\ProgramData\5oh7603awd86
    [2011,05,02 14:51:33 | 000,011,174 | -HS- | M] () -- C:\Users\end user\AppData\Local\5oh7603awd86
    [2011,05,02 03:18:40 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~20438792r
    [2011,05,02 03:18:40 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~20438792
    [2011,05,02 03:18:38 | 000,000,586 | -H-- | M] () -- C:\Windows Recovery.lnk
    [2011,05,02 03:18:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\20438792
    [2011,05,02 03:18:38 | 000,000,000 | -H-D | C] -- C:\Windows Recovery
    [2011,04,29 12:09:57 | 000,001,499 | -H-- | M] () -- C:\Users\end user\Desktop\#.lnk
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\5oh7603awd86
    C:\Users\end user\AppData\Local\5oh7603awd86
    C:\ProgramData\~20438792r
    C:\ProgramData\~20438792
    C:\Windows Recovery.lnk
    C:\ProgramData\20438792
    C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe
    C:\WINDOWS\Tasks\At*.job /s
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. Please post the fix log that is created.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========
Step 2
========

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


========
Step 3
========

Download aswMBR.exe (511 KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


========
Step 4
========

Please remember to post:

OTL fix log
New OTL quick scan log
MalwareBytes log
aswMBR scan log
Any problems you are now experiencing

Homburg
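The OTL fix script above targets the indicators the quick-scan log in the first post exposed: the hijacked .exe file association (the O35/O37 lines pointing at kfi.exe instead of the stock `"%1" %*` command, which the fix log later confirms restoring), the hidden, extension-less droppers sitting directly in C:\ProgramData and AppData\Local, the shortcut dropped in the drive root, and the twenty-four At*.job scheduled tasks created within a couple of seconds of each other. The following Python script is an added example, not OTL's code and not part of either post: it parses lines of the same shape as those logs and flags those four indicators. The sample lines are copied from this thread; the burst thresholds (three jobs inside ten seconds), the rule names and the `triage`/`exefile_hijack` helpers are the example's own assumptions.

```python
"""Triage helper for OTL log lines of the two shapes seen in this thread:

  [2011,05,02 14:51:35 | 000,011,174 | -HS- | M] () -- C:\\ProgramData\\5oh7603awd86
  O35 - HKLM\\..exefile [open] -- "C:\\...\\kfi.exe" -a "%1" %*

Added example, not OTL's own code. Thresholds and rule names are assumptions.
"""
import re
from datetime import datetime, timedelta

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4},\d{2},\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ASSOC_RE = re.compile(r"^(?P<tag>O3[57]) - (?P<key>.+?) -- (?P<cmd>.+)$")
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)
ROOT_LNK_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.lnk$", re.IGNORECASE)
DEFAULT_EXE_CMD = '"%1" %*'  # stock exefile\shell\open\command value on Windows 7


def parse_file_line(line):
    """Parse one OTL file entry into a dict, or return None for other lines."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y,%m,%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    return d


def exefile_hijack(cmd):
    """Return the interposed program when the .exe open command is not the stock
    '"%1" %*'; return None when the association is intact."""
    cmd = cmd.strip()
    if cmd == DEFAULT_EXE_CMD:
        return None
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def dropper_in_data_root(entry):
    """Hidden, extension-less file placed directly in C:\\ProgramData or in a
    user's AppData\\Local (the 5oh7603awd86 / ~20438792 pattern above)."""
    if "D" in entry["attr"] or "H" not in entry["attr"]:
        return False
    parent, _, name = entry["path"].rpartition("\\")
    if "." in name:
        return False
    parent = parent.lower()
    return parent == "c:\\programdata" or parent.endswith("\\appdata\\local")


def triage(lines, burst_window=timedelta(seconds=10), burst_min=3):
    """Scan log lines and return a sorted list of (rule, detail) findings."""
    findings = set()
    at_created = []
    for line in lines:
        a = ASSOC_RE.match(line.strip())
        if a:
            prog = exefile_hijack(a["cmd"])
            if prog:
                findings.add(("exe-association-hijack", prog))
            continue
        e = parse_file_line(line)
        if not e:
            continue
        if dropper_in_data_root(e):
            findings.add(("hidden-dropper", e["path"]))
        if ROOT_LNK_RE.match(e["path"]):
            findings.add(("root-shortcut", e["path"]))
        if e["kind"] == "C" and AT_JOB_RE.search(e["path"]):
            at_created.append(e["ts"])
    # Burst detection: many At*.job files created inside one short window is a
    # scheduler being used for hourly persistence, not a user's at.exe jobs.
    at_created.sort()
    for i, t in enumerate(at_created):
        j = i
        while j < len(at_created) and at_created[j] - t <= burst_window:
            j += 1
        if j - i >= burst_min:
            findings.add(("at-job-burst",
                          f"{j - i} At*.job files created within "
                          f"{burst_window.seconds}s of {t:%Y-%m-%d %H:%M:%S}"))
            break
    return sorted(findings)


# Sample input: lines copied from the logs posted in this thread.
SAMPLE = r"""
[2011,05,02 14:51:35 | 000,011,174 | -HS- | M] () -- C:\ProgramData\5oh7603awd86
[2011,05,02 14:51:33 | 000,011,174 | -HS- | M] () -- C:\Users\end user\AppData\Local\5oh7603awd86
[2011,05,02 03:18:40 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~20438792r
[2011,05,02 03:18:38 | 000,000,586 | -H-- | M] () -- C:\Windows Recovery.lnk
[2011,04,26 02:59:10 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At24.job
[2011,04,26 02:59:09 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At9.job
[2011,04,26 02:59:08 | 000,000,340 | -H-- | C] () -- C:\windows\tasks\At1.job
[2011,05,01 00:52:07 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2011,04,19 16:31:13 | 000,017,408 | -H-- | M] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
O35 - HKLM\..exefile [open] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE.splitlines()):
        print(f"{rule:24} {detail}")
```

On the sample above the script reports the three hidden droppers, the root shortcut, the At*.job burst and kfi.exe as the program interposed in front of every .exe launch; the .ini file and the VIPRERESCUE directory are left alone. Because each rule keys on attributes and placement rather than on the specific random names, the same checks apply to a fresh OTL log after the fix has run, which is the quickest way to confirm that the "not found" lines in the fix log really mean the entries are gone.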

#5
zzedexx (Topic Starter, Member, 37 posts)
STEP 1a OTL FIX LOG:


All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %* not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\ProgramData\5oh7603awd86 moved successfully.
C:\Users\end user\AppData\Local\5oh7603awd86 moved successfully.
C:\ProgramData\~20438792r moved successfully.
C:\ProgramData\~20438792 moved successfully.
File C:\Windows Recovery.lnk not found.
C:\ProgramData\20438792 moved successfully.
C:\Windows Recovery folder moved successfully.
C:\Users\end user\Desktop\#.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\ProgramData\5oh7603awd86 not found.
File\Folder C:\Users\end user\AppData\Local\5oh7603awd86 not found.
File\Folder C:\ProgramData\~20438792r not found.
File\Folder C:\ProgramData\~20438792 not found.
C:\Windows Recovery.lnk moved successfully.
File\Folder C:\ProgramData\20438792 not found.
File\Folder C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe not found.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
File delete failed. C:\Users\end user\Desktop\iN\cmd.bat scheduled to be deleted on reboot.
C:\Users\end user\Desktop\iN\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: end user
->Temp folder emptied: 235835793 bytes
->Temporary Internet Files folder emptied: 31032701 bytes
->Java cache emptied: 10745 bytes
->FireFox cache emptied: 66521095 bytes
->Flash cache emptied: 48481 bytes

User: Public

User: XO
->Temp folder emptied: 83507 bytes
->Temporary Internet Files folder emptied: 36053 bytes
->FireFox cache emptied: 16860257 bytes
->Flash cache emptied: 611 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 865952 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 189811899 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 516.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: end user
->Flash cache emptied: 0 bytes

User: Public

User: XO
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 05062011_112358

Files\Folders moved on Reboot...
C:\Users\end user\Desktop\iN\cmd.bat moved successfully.

Registry entries deleted on Reboot...

#6
zzedexx (Topic Starter, Member, 37 posts)
STEP 1b OTL QUICK SCAN LOG:


OTL logfile created on: 2011,05,06 11:35:38 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\end user\Desktop\iN
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy,MM,dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 67.37 Gb Free Space | 14.87% Space Free | Partition Type: NTFS
Drive H: | 7.39 Gb Total Space | 7.09 Gb Free Space | 95.84% Space Free | Partition Type: FAT32

Computer Name: BEUCEPHALUS | User Name: end user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
PRC - [2011,04,15 02:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011,01,25 17:42:10 | 000,083,440 | -H-- | M] (Google) -- C:\Users\end user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011,01,07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011,01,07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011,01,06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010,12,05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010,12,05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010,10,22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009,11,22 01:52:16 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009,11,06 03:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009,10,31 11:20:10 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2009,10,31 06:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009,10,30 08:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009,10,29 14:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009,10,29 13:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009,10,27 04:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009,10,24 15:28:58 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009,10,07 03:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009,10,03 07:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009,09,29 08:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009,07,30 10:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009,07,29 08:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009,07,23 07:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009,07,22 05:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009,07,14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009,07,14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009,07,14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009,01,14 15:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
MOD - [2009,07,14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009,10,22 04:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009,08,28 04:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009,07,14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010,12,08 04:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010,11,12 13:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010,11,09 14:56:12 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010,09,13 15:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010,09,07 03:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010,09,07 03:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010,08,19 20:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010,08,19 20:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010,08,19 20:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009,11,14 09:07:04 | 009,927,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009,10,27 06:39:04 | 000,125,696 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009,10,03 07:33:24 | 000,862,208 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009,09,25 11:54:26 | 000,169,320 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009,09,24 04:25:18 | 000,120,432 | -H-- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009,09,18 06:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009,09,15 08:29:36 | 000,049,400 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009,09,10 15:31:48 | 000,102,912 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009,09,04 15:12:40 | 000,180,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009,08,22 07:24:04 | 000,066,592 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009,08,06 06:55:08 | 000,061,168 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009,07,31 15:02:34 | 000,036,208 | -H-- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009,07,31 11:45:56 | 000,022,912 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009,07,29 14:01:26 | 000,069,480 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009,07,25 09:57:06 | 000,275,536 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009,07,25 05:31:58 | 000,021,608 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009,07,15 09:28:42 | 000,023,512 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009,07,14 16:13:10 | 000,015,216 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009,07,14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009,07,14 09:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009,07,14 08:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009,06,30 10:16:22 | 000,013,120 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009,06,30 04:25:24 | 000,030,272 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009,06,30 04:17:00 | 000,059,904 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009,06,23 11:04:58 | 000,024,064 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009,06,20 13:31:08 | 000,012,920 | -H-- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009,06,20 03:57:20 | 000,079,872 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009,06,20 03:56:48 | 000,042,472 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009,06,18 05:59:46 | 000,046,984 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009,06,12 07:05:04 | 000,626,688 | -H-- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009,05,20 15:59:00 | 000,011,776 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008,04,25 12:16:00 | 000,005,632 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011,04,13 02:25:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011,05,04 14:52:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010,12,02 12:14:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Extensions
[2011,05,03 21:41:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions
[2011,02,23 10:31:06 | 000,000,000 | -H-D | M] (Download Manager Tweak) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011,05,04 14:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011,04,13 02:25:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011,04,15 02:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010,01,01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010,01,01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010,01,01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010,01,01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010,01,01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Abhmmth Figbdvr)
O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [swg] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009,06,11 07:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
O37 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011,05,06 11:23:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011,05,03 04:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERDNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011,05,01 10:40:12 | 000,000,000 | -H-D | C] -- C:\Users\end user\AppData\Roaming\Malwarebytes
[2011,05,01 10:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011,05,01 10:39:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011,05,01 10:39:48 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011,05,01 10:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011,05,01 00:52:24 | 000,098,392 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011,05,01 00:52:24 | 000,027,984 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\sbbd.exe
[2011,05,01 00:52:07 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2011,05,01 00:37:47 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,29 12:11:24 | 000,000,000 | -H-D | C] -- C:\Users\end user\Desktop\HAND#
[2011,04,28 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\KPR
[2011,04,28 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\WiLDCATS
[2011,04,19 11:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011,04,18 23:56:57 | 000,000,000 | -H-D | C] -- C:\windows\Sun
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011,05,06 11:33:28 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011,05,06 11:33:28 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011,05,06 11:26:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011,05,06 10:40:00 | 000,000,920 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004UA.job
[2011,05,06 07:41:43 | 114,228,425 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011,05,05 14:41:17 | 000,000,868 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004Core.job
[2011,05,04 14:52:46 | 000,002,021 | -H-- | M] () -- C:\Users\end user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | M] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | M] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | M] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 22:56:39 | 000,711,442 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011,05,01 22:56:39 | 000,139,504 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011,05,01 00:38:44 | 000,000,000 | -H-- | M] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,05,01 00:36:24 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | M] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | M] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | M] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:55:38 | 000,212,355 | ---- | M] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,19 16:31:13 | 000,017,408 | -H-- | M] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,15 17:43:47 | 000,154,909 | -H-- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011,04,13 03:04:41 | 000,016,274 | ---- | M] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011,05,04 14:52:20 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | C] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | C] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | C] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 00:38:44 | 000,000,000 | -H-- | C] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | C] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | C] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | C] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:50:55 | 000,212,355 | ---- | C] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,18 11:26:24 | 000,017,408 | -H-- | C] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,13 03:04:41 | 000,016,274 | ---- | C] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[2010,03,11 16:37:27 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2010,03,11 16:22:35 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010,03,11 16:15:54 | 000,000,852 | -H-- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010,03,11 16:15:54 | 000,000,096 | -H-- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010,03,11 16:11:50 | 000,045,056 | -H-- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009,11,13 21:08:56 | 000,040,588 | -H-- | C] () -- C:\windows\System32\nvcoproc.bin
[2009,08,03 18:21:54 | 000,197,912 | -H-- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009,07,14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009,07,14 14:33:53 | 000,446,904 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009,07,14 12:05:48 | 000,711,442 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009,07,14 12:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009,07,14 12:05:48 | 000,139,504 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009,07,14 12:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009,07,14 12:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009,07,14 12:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009,07,14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009,07,14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009,07,14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009,06,11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009,04,28 22:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010,12,02 11:18:59 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\AVG10
[2011,05,01 00:46:04 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\foobar2000
[2010,07,01 08:45:38 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Toshiba
[2010,06,06 04:14:07 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Ulead Systems
[2011,04,29 16:32:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\uTorrent
[2010,08,17 17:23:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Vodafone
[2010,04,18 04:23:43 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\WildTangent
[2011,02,05 19:17:43 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\AVG10
[2011,04,29 18:09:38 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\foobar2000
[2010,07,01 09:28:15 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\Toshiba
[2011,05,02 19:45:21 | 000,025,676 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
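The OTL report above is what a malware-removal helper reads before writing a fix: the O37 lines show the `.exe` open handler under the `.DEFAULT` and `S-1-5-18` hives rewritten to run `kfi.exe` before the requested program, the O4 line under the user hive starts a binary out of `C:\Recycle.Bin`, and the O33 lines carry AutoRun commands for removable drives. As an added example, not part of this thread and not OTL's own code, the following Python script parses those OTL line types and flags the entries that deserve a second look. The sample input is a handful of lines copied from the log above; the trusted-folder list is an assumption made for the demonstration, and `"%1" %*` is the stock Windows open command for the `exefile` and `comfile` classes.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Stock shell "open" command for the exefile/comfile classes on Windows.
DEFAULT_OPEN_CMD = '"%1" %*'

# Folders a Run-key target normally lives in (an assumption for this demo);
# a target anywhere else is worth a look regardless of its company string.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")

# OTL line shapes handled here, e.g.
#   O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
#   O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = E:\AutoRun.exe
#   O35 - HKLM\..exefile [open] -- "%1" %*
#   O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\...\kfi.exe" -a "%1" %*
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
O4_TARGET_RE = re.compile(r'^(?P<path>.*?) \((?P<company>[^()]*)\)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<mp>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
O35_RE = re.compile(r'^O35 - (?P<hive>.+?)\\?\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$')
O37_RE = re.compile(r'^O37 - (?P<hive>.+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<cls>\w+)\] -- (?P<cmd>.*)$')

# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Abhmmth Figbdvr)
O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [swg] File not found
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
"""


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = confirm by hand
    kind: str
    line: str


def _norm_cmd(cmd: str) -> str:
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(cmd.split()).lower()


def check_open_handler(hive: str, cls: str, cmd: str, line: str) -> Optional[Finding]:
    """An exefile/comfile open command other than '"%1" %*' means every program
    launch in that hive is routed through someone else's binary first."""
    if _norm_cmd(cmd) == _norm_cmd(DEFAULT_OPEN_CMD):
        return None
    return Finding("high", f"{cls} open handler rewritten under {hive}", line)


def check_run_entry(hive: str, name: str, rest: str, line: str) -> Optional[Finding]:
    """Run values are judged by where the target lives, not by the company string
    OTL prints in parentheses: that string comes from the file's own version
    resource and can say anything."""
    if rest.strip() == "File not found":
        return Finding("review", f"orphaned Run value [{name}] under {hive}", line)
    m = O4_TARGET_RE.match(rest)
    path = (m["path"] if m else rest).strip().strip('"').lower()
    if path.startswith(TRUSTED_ROOTS):
        return None
    return Finding("high", f"Run value [{name}] under {hive} starts {path}", line)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the flagged entries, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if (m := O37_RE.match(line)) or (m := O35_RE.match(line)):
            f = check_open_handler(m["hive"], m["cls"], m["cmd"], line)
        elif m := O4_RE.match(line):
            f = check_run_entry(m["hive"], m["name"], m["rest"], line)
        elif m := O33_RE.match(line):
            f = Finding("review", f"AutoRun command on mount point {m['mp']}: {m['cmd']}", line)
        else:
            f = None
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f.severity:6}] {f.kind}")
```

The script deliberately ignores the company name OTL prints after each Run target: it is read from the file's version resource, so a path in `C:\Recycle.Bin` with an unfamiliar company string is flagged by its location, not by the string. Orphaned entries and mount-point AutoRun commands are reported at "review" severity because they are often harmless leftovers, which is also why a helper lists them for removal rather than treating them as the infection itself.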

#7
zzedexx (Topic Starter, Member, 37 posts)
STEP 2 MBAM LOG:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6516

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011,05,06 11:47:32
mbam-log-2011-05-06 (11-47-32).txt

Scan type: Quick scan
Objects scanned: 163802
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Spyware.Passwords.XGen) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Recycle.Bin\recycle.bin.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
  • 0

#8
zzedexx (Topic Starter, Member, 37 posts)
STEP 3 aswMBR LOG:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 11:53:56
-----------------------------
11:53:56.813 OS Version: Windows 6.1.7600
11:53:56.813 Number of processors: 4 586 0x2502
11:53:56.813 ComputerName: BEUCEPHALUS UserName: end user
11:53:59.449 Initialize success
11:55:42.513 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
11:55:42.517 Disk 0 Vendor: FUJITSU_ 0040 Size: 476940MB BusType: 3
11:55:42.519 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JMCR1Port1Path0Target0Lun0
11:55:42.522 Disk 1 Vendor: JMCR____ Size: 7580MB BusType: 0
11:55:42.525 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MJA2500BH_G2____________________00400018#4&c8505b5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
11:55:42.528 Disk 0 MBR read error 0
11:55:42.532 Disk 0 MBR scan
11:55:42.535 Disk 0 unknown MBR code
11:55:42.538 MBR BIOS signature not found 0
11:55:42.542 Disk 0 scanning sectors +953161728
11:55:42.546 Disk 0 scanning C:\windows\system32\drivers
11:55:48.425 Service scanning
11:55:51.436 Disk 0 trace - called modules:
11:55:51.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll >>UNKNOWN [0x8866f439]<<
11:55:51.478 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8864f030]
11:55:51.484 3 CLASSPNP.SYS[8bdde59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x8864d1e8]
11:55:51.490 5 thpdrv.sys[8bfc799f] -> nt!IofCallDriver -> \IAAStorageDevice-1[0x86ac0028]
11:55:51.495 \Driver\iaStor[0x886532c8] -> IRP_MJ_CREATE -> 0x8866f439
11:55:51.502 Scan finished successfully
11:56:08.542 Disk 0 MBR has been saved successfully to "C:\Users\end user\Desktop\iN\MBR.dat"
11:56:08.549 The log file has been saved successfully to "C:\Users\end user\Desktop\iN\aswMBR.txt"

Edited by zzedexx, 05 May 2011 - 08:07 PM.

  • 0
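The aswMBR log above reports "unknown MBR code" and "MBR BIOS signature not found" for Disk 0, and it saved the sector it read to `MBR.dat`. As an added example, not part of this thread and not aswMBR's or TDSSKiller's code, here is an offline check of such a 512-byte MBR image: it verifies the 0x55 0xAA boot signature, hashes the 446-byte boot-code region against an allow-list of known-good hashes, and parses the four partition entries for the inconsistencies a bootkit leaves behind (more than one active partition, overlapping ranges, a partition that starts at LBA 0). The boot code used for the clean sample and the allow-list built from it are constructed for the demonstration; a real allow-list would hold the SHA-256 of the boot code read from a known-clean machine running the same Windows version.

```python
import hashlib
import struct
from dataclasses import dataclass, field
from typing import FrozenSet, List, Sequence, Tuple

SECTOR = 512
BOOT_CODE_LEN = 446      # bytes 0..445: boot loader code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the code
SIG_OFF = 510            # 0x55 0xAA boot signature
PART_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.sectors


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_sha256: str
    boot_code_known: bool
    partitions: List[Partition] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)


def parse_partitions(sector: bytes) -> List[Partition]:
    parts: List[Partition] = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue   # unused slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def inspect_mbr(image: bytes, known_boot_hashes: FrozenSet[str] = frozenset()) -> MbrReport:
    """Check one 512-byte MBR image: signature, boot-code hash, partition table sanity."""
    if len(image) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = image[:SECTOR]
    code = sector[:BOOT_CODE_LEN]
    digest = hashlib.sha256(code).hexdigest()
    report = MbrReport(sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa", digest, digest in known_boot_hashes)
    if not report.signature_ok:
        report.problems.append("boot signature 55AA missing")
    if not any(code):
        report.problems.append("boot code is all zeros")
    elif not report.boot_code_known:
        report.problems.append("boot code hash not in allow-list")
    report.partitions = parse_partitions(sector)
    parts = report.partitions
    if sum(p.active for p in parts) > 1:
        report.problems.append("more than one active partition")
    for p in parts:
        if p.lba_start == 0:
            report.problems.append(f"partition {p.index} starts at LBA 0 (overlaps the MBR itself)")
    for a in range(len(parts)):
        for b in range(a + 1, len(parts)):
            p, q = parts[a], parts[b]
            if p.lba_start < q.lba_end and q.lba_start < p.lba_end:
                report.problems.append(f"partitions {p.index} and {q.index} overlap")
    return report


def build_sample_mbr(boot_code: bytes, partitions: Sequence[Tuple[bool, int, int, int]],
                     with_signature: bool = True) -> bytes:
    """Assemble a constructed MBR image for the demo (not a real boot sector)."""
    buf = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    for i, (active, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i, 0x80 if active else 0x00, ptype, lba, count)
    if with_signature:
        buf[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(buf)


# Constructed stand-in for known-good boot code; a real allow-list would hold the
# SHA-256 of the Windows 7 boot code read from a known-clean machine.
CLEAN_BOOT_CODE = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 56)[:BOOT_CODE_LEN]
KNOWN_GOOD = frozenset({hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()})

if __name__ == "__main__":
    good = build_sample_mbr(CLEAN_BOOT_CODE, [(True, 0x07, 2048, 204800)])
    tampered = build_sample_mbr(b"\x90" * BOOT_CODE_LEN,
                                [(True, 0x07, 2048, 204800), (True, 0x07, 100000, 204800)],
                                with_signature=False)
    for label, img in (("clean", good), ("tampered", tampered)):
        r = inspect_mbr(img, KNOWN_GOOD)
        print(label, f"signature_ok={r.signature_ok} known_code={r.boot_code_known}")
        for problem in r.problems:
            print("  !", problem)
```

To run it against a real capture, read `MBR.dat` in binary mode and pass the bytes to `inspect_mbr` together with an allow-list you built yourself. A hash mismatch on its own only says the boot code is not one you have catalogued; the partition-table checks and the missing signature are the findings that stand on their own.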

#9
zzedexx (Topic Starter, Member, 37 posts)
STEP 4 - Any Other Problems

Hey Homburg,

Thank you very much for your excellent assistance so far! :)

I have run all scans and posted logs above.

No problems are obvious other than the fact that these pages were only loading 'limited' slow connection speed style until just now..

I will let you know if i notice anything else.

uh ho.. :)

just had my browser load up a new (random address) tab of its own accord, so that issue still looks to be a problem :unsure:


Thanks again for your time and efforts to help fix things :yes:

Much Appreciated.

Cheers

Zed.

#10
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi Zed,

We've removed most of the malware, but you have an infected MBR which we'll try and repair using TDSSKiller. If it's unable to do that, do you have your Windows 7 disc handy? We may need it later.

Please do the following in the order I've listed:

========
Step 1
========


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



========
Step 2
========

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Abhmmth Figbdvr)
    O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [swg] File not found
    O35 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..exefile [open] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\...exe [@ = exefile] -- "%1" %*
    
    :Services
    
    :Reg
    
    :Files
    C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix file.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========
Step 3
========

Please remember to post:
TDSS log
OTL fix log
New OTL quick scan log

Homburg

Edited by Homburg, 06 May 2011 - 11:56 AM.

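The fix script above targets two things a reader may want to recognise in their own OTL output: the .exe file-association hijack (the O37 lines where every program launch is routed through kfi.exe before "%1" runs) and Run entries that are orphaned or point at an odd location such as C:\Recycle.Bin. The following is an added triage example written for this thread; it is not code from OTL, TDSSKiller or the helper. The regular expressions are built only from the line shapes visible in the logs posted here, the "trusted directory" list is a heuristic assumption, and the last TDSSKiller sample line (placeholder hash, path under the user profile) is constructed to show what a driver loaded from outside the Windows directory would look like.

```python
"""Triage helpers for OTL and TDSSKiller log lines (added example for this
thread; not code from OTL, TDSSKiller or the forum helpers).

It parses the line shapes visible in the logs posted above and flags the
indicators the fix script targets: the .exe file-association hijack
(O35/O37 lines whose command is not the Windows default) and Run entries
that are orphaned or point outside the usual program directories. It also
flags any driver in a TDSSKiller listing that is loaded from outside the
Windows directory, which is where every entry in the posted log lives.
"""
import re
from typing import Iterable, List

# Default value of HKCR\exefile\shell\open\command on a clean Windows install.
EXEFILE_DEFAULT = '"%1" %*'

# Locations an autorun target is normally expected in (heuristic assumption,
# compared lower-case). Legitimate per-user apps in AppData will also trip
# this check, so treat a hit as "look closer", not as proof of infection.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

O35_RE = re.compile(r"^O35 - (?P<hive>.+?)\.\.exefile \[open\] -- (?P<cmd>.+)$")
O37_RE = re.compile(r"^O37 - (?P<hive>.+?)\\\.\.\.exe \[@ = exefile\] -- (?P<cmd>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
TDSS_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<svc>\S+) "
    r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)


def first_path(target: str) -> str:
    """Pull the executable path out of an OTL target field.

    Handles both a quoted form ('"C:\\dir\\x.exe" -a "%1" %*') and the
    unquoted 'C:\\dir\\x.exe (Vendor Name)' form seen in O4 lines.
    """
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split(" (")[0]


def in_trusted_dir(path: str) -> bool:
    lowered = path.lower()
    return any(lowered.startswith(p) for p in TRUSTED_PREFIXES)


def triage_line(line: str) -> List[str]:
    """Return findings for one log line; an empty list means nothing notable."""
    line = line.strip()
    m = O37_RE.match(line) or O35_RE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        # Anything other than the bare default means every .exe launch is
        # handed to another program first (kfi.exe -a "%1" %* in this thread).
        if cmd != EXEFILE_DEFAULT:
            return [f"exefile hijack in {m.group('hive')}: {cmd}"]
        return []
    m = O4_RE.match(line)
    if m:
        target = m.group("target").strip()
        if target == "File not found":
            return [f"orphaned Run entry [{m.group('name')}] in {m.group('hive')}"]
        path = first_path(target)
        if not in_trusted_dir(path):
            return [f"Run entry [{m.group('name')}] outside trusted dirs: {path}"]
        return []
    m = TDSS_RE.match(line)
    if m and not m.group("path").lower().startswith("c:\\windows\\"):
        return [f"driver {m.group('svc')} ({m.group('md5')}) loaded from {m.group('path')}"]
    return []


def triage(lines: Iterable[str]) -> List[str]:
    """Run triage_line over a whole log and collect the findings."""
    findings: List[str] = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings


# Sample input: the OTL lines from the fix script above and one clean
# TDSSKiller line from the posted log, plus one constructed TDSSKiller line
# (placeholder hash, path under the user profile) for an out-of-place driver.
SAMPLE_LINES = [
    r"O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Abhmmth Figbdvr)",
    r"O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [swg] File not found",
    r'O35 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..exefile [open] -- "%1" %*',
    r'O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\...exe [@ = exefile] -- "%1" %*',
    r"2011/05/07 11:19:09.0569 1932 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys",
    # constructed line: placeholder hash, path deliberately outside C:\windows
    r"2011/05/07 11:19:09.0600 1932 SampleSvc (00000000000000000000000000000000) C:\Users\end user\AppData\Local\Temp\sample.sys",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run against the sample it reports the two hijacked hives (.DEFAULT and S-1-5-18), the Recycle.Bin autorun, the orphaned [swg] entry and the constructed driver, and stays silent on the user hive whose command is already the default. The MD5 captured from each TDSSKiller line is kept in the finding so it can be compared against a clean copy of the same driver from another machine.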


#11
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
Hey Homburg,

Thanks again..

Here are the new logs.


STEP 1 : TDSSKiller LOG :



2011/05/07 11:18:19.0012 1040 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 11:18:20.0085 1040 ================================================================================
2011/05/07 11:18:20.0085 1040 SystemInfo:
2011/05/07 11:18:20.0085 1040
2011/05/07 11:18:20.0085 1040 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/07 11:18:20.0085 1040 Product type: Workstation
2011/05/07 11:18:20.0086 1040 ComputerName: BEUCEPHALUS
2011/05/07 11:18:20.0086 1040 UserName: end user
2011/05/07 11:18:20.0086 1040 Windows directory: C:\windows
2011/05/07 11:18:20.0086 1040 System windows directory: C:\windows
2011/05/07 11:18:20.0086 1040 Processor architecture: Intel x86
2011/05/07 11:18:20.0086 1040 Number of processors: 4
2011/05/07 11:18:20.0086 1040 Page size: 0x1000
2011/05/07 11:18:20.0086 1040 Boot type: Safe boot with network
2011/05/07 11:18:20.0086 1040 ================================================================================
2011/05/07 11:18:20.0370 1040 Initialize success
2011/05/07 11:19:08.0815 1932 ================================================================================
2011/05/07 11:19:08.0815 1932 Scan started
2011/05/07 11:19:08.0815 1932 Mode: Manual;
2011/05/07 11:19:08.0815 1932 ================================================================================
2011/05/07 11:19:09.0569 1932 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/05/07 11:19:09.0740 1932 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/05/07 11:19:09.0901 1932 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/05/07 11:19:10.0059 1932 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/05/07 11:19:10.0183 1932 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/05/07 11:19:10.0360 1932 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/05/07 11:19:10.0594 1932 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/05/07 11:19:10.0837 1932 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
2011/05/07 11:19:10.0949 1932 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/05/07 11:19:11.0108 1932 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/05/07 11:19:11.0307 1932 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/05/07 11:19:11.0456 1932 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/05/07 11:19:11.0587 1932 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/05/07 11:19:11.0679 1932 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/05/07 11:19:11.0823 1932 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/05/07 11:19:11.0957 1932 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/05/07 11:19:12.0092 1932 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/05/07 11:19:12.0220 1932 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/05/07 11:19:12.0330 1932 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/05/07 11:19:12.0527 1932 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/05/07 11:19:12.0604 1932 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/05/07 11:19:12.0719 1932 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/05/07 11:19:12.0864 1932 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/05/07 11:19:13.0169 1932 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/07 11:19:13.0252 1932 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
2011/05/07 11:19:13.0415 1932 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/07 11:19:13.0509 1932 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
2011/05/07 11:19:13.0646 1932 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\windows\system32\DRIVERS\avgldx86.sys
2011/05/07 11:19:13.0789 1932 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\windows\system32\DRIVERS\avgmfx86.sys
2011/05/07 11:19:13.0893 1932 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\windows\system32\DRIVERS\avgrkx86.sys
2011/05/07 11:19:14.0048 1932 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\windows\system32\DRIVERS\avgtdix.sys
2011/05/07 11:19:14.0208 1932 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/05/07 11:19:14.0356 1932 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/05/07 11:19:14.0572 1932 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/05/07 11:19:14.0762 1932 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/05/07 11:19:14.0900 1932 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/05/07 11:19:14.0991 1932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/05/07 11:19:15.0126 1932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/05/07 11:19:15.0257 1932 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/05/07 11:19:15.0372 1932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/05/07 11:19:15.0485 1932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/05/07 11:19:15.0564 1932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/05/07 11:19:15.0739 1932 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/05/07 11:19:15.0975 1932 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/05/07 11:19:16.0126 1932 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/05/07 11:19:16.0286 1932 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/05/07 11:19:16.0411 1932 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/05/07 11:19:16.0592 1932 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/05/07 11:19:16.0702 1932 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/05/07 11:19:16.0809 1932 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/05/07 11:19:16.0942 1932 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/05/07 11:19:17.0065 1932 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/05/07 11:19:17.0234 1932 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/05/07 11:19:17.0506 1932 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/05/07 11:19:17.0657 1932 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/05/07 11:19:17.0825 1932 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/05/07 11:19:18.0005 1932 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/05/07 11:19:18.0127 1932 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\windows\System32\drivers\dxgkrnl.sys
2011/05/07 11:19:18.0368 1932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/05/07 11:19:18.0695 1932 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/05/07 11:19:18.0824 1932 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\windows\system32\DRIVERS\enecir.sys
2011/05/07 11:19:18.0923 1932 enecirhid (65bf24816c2814596253f312dd35f171) C:\windows\system32\DRIVERS\enecirhid.sys
2011/05/07 11:19:19.0007 1932 enecirhidma (97d41e2831ac117af9bf8d0d9e9d027f) C:\windows\system32\DRIVERS\enecirhidma.sys
2011/05/07 11:19:19.0135 1932 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/05/07 11:19:19.0374 1932 ewusbnet (01fd440c181c2e2f993ccf7b677701e8) C:\windows\system32\DRIVERS\ewusbnet.sys
2011/05/07 11:19:19.0466 1932 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/05/07 11:19:19.0555 1932 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/05/07 11:19:19.0707 1932 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/05/07 11:19:19.0928 1932 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/05/07 11:19:20.0017 1932 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/05/07 11:19:20.0139 1932 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/05/07 11:19:20.0264 1932 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/05/07 11:19:20.0432 1932 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/05/07 11:19:20.0576 1932 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/05/07 11:19:20.0668 1932 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\windows\system32\DRIVERS\fvevol.sys
2011/05/07 11:19:20.0763 1932 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/05/07 11:19:20.0954 1932 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/05/07 11:19:21.0018 1932 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/05/07 11:19:21.0140 1932 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/05/07 11:19:21.0219 1932 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
2011/05/07 11:19:21.0405 1932 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/05/07 11:19:21.0536 1932 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/05/07 11:19:21.0627 1932 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/05/07 11:19:21.0819 1932 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/05/07 11:19:22.0084 1932 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/05/07 11:19:22.0231 1932 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/05/07 11:19:22.0422 1932 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/05/07 11:19:22.0505 1932 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/05/07 11:19:22.0911 1932 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/05/07 11:19:23.0087 1932 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\windows\system32\DRIVERS\iaStor.sys
2011/05/07 11:19:23.0221 1932 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/05/07 11:19:23.0359 1932 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/05/07 11:19:23.0606 1932 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys
2011/05/07 11:19:23.0870 1932 IntcAzAudAddService (2c314284938e308da50d49e50404d9fc) C:\windows\system32\drivers\RTKVHDA.sys
2011/05/07 11:19:24.0035 1932 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/05/07 11:19:24.0154 1932 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/05/07 11:19:24.0282 1932 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/05/07 11:19:24.0440 1932 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/05/07 11:19:24.0579 1932 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/05/07 11:19:24.0694 1932 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/05/07 11:19:24.0787 1932 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/05/07 11:19:24.0914 1932 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/05/07 11:19:25.0108 1932 JMCR (4a08d508bbba09b6177133c42c480cc0) C:\windows\system32\DRIVERS\jmcr.sys
2011/05/07 11:19:25.0193 1932 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/05/07 11:19:25.0298 1932 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/05/07 11:19:25.0437 1932 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/05/07 11:19:25.0562 1932 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/05/07 11:19:25.0864 1932 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/05/07 11:19:26.0082 1932 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/05/07 11:19:26.0189 1932 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/05/07 11:19:26.0279 1932 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/05/07 11:19:26.0370 1932 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/05/07 11:19:26.0446 1932 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/05/07 11:19:26.0551 1932 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/05/07 11:19:26.0673 1932 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/05/07 11:19:26.0798 1932 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/05/07 11:19:26.0952 1932 mod7700 (8aeeb5397543568860c6f681e2ed6686) C:\windows\system32\Drivers\dvb7700all.sys
2011/05/07 11:19:27.0064 1932 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/05/07 11:19:27.0223 1932 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/05/07 11:19:27.0363 1932 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/05/07 11:19:27.0480 1932 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/05/07 11:19:27.0591 1932 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/05/07 11:19:27.0717 1932 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/05/07 11:19:27.0859 1932 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/05/07 11:19:27.0966 1932 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/05/07 11:19:28.0079 1932 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/05/07 11:19:28.0190 1932 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/05/07 11:19:28.0285 1932 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/05/07 11:19:28.0403 1932 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/05/07 11:19:28.0515 1932 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/05/07 11:19:28.0722 1932 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/05/07 11:19:28.0838 1932 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/05/07 11:19:28.0945 1932 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/05/07 11:19:29.0196 1932 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/05/07 11:19:29.0269 1932 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/05/07 11:19:29.0379 1932 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/05/07 11:19:29.0493 1932 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/05/07 11:19:29.0601 1932 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/05/07 11:19:29.0864 1932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/05/07 11:19:29.0960 1932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/05/07 11:19:30.0064 1932 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/05/07 11:19:30.0229 1932 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/05/07 11:19:30.0332 1932 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/05/07 11:19:30.0506 1932 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/05/07 11:19:30.0600 1932 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/05/07 11:19:30.0711 1932 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/05/07 11:19:30.0832 1932 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/05/07 11:19:30.0980 1932 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/05/07 11:19:31.0072 1932 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/05/07 11:19:31.0165 1932 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/05/07 11:19:31.0498 1932 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/05/07 11:19:31.0624 1932 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/05/07 11:19:31.0778 1932 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/05/07 11:19:31.0934 1932 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/05/07 11:19:32.0066 1932 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/05/07 11:19:32.0262 1932 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\windows\system32\drivers\nvhda32v.sys
2011/05/07 11:19:32.0526 1932 nvlddmkm (3ef3e53bb8b1a076ca0148e973dd5f8d) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/05/07 11:19:32.0821 1932 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/05/07 11:19:32.0923 1932 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/05/07 11:19:33.0058 1932 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/05/07 11:19:33.0227 1932 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/05/07 11:19:33.0462 1932 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/05/07 11:19:33.0595 1932 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/05/07 11:19:33.0678 1932 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/05/07 11:19:33.0839 1932 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/05/07 11:19:33.0910 1932 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/05/07 11:19:34.0018 1932 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/05/07 11:19:34.0205 1932 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/05/07 11:19:34.0289 1932 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/05/07 11:19:34.0585 1932 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/05/07 11:19:34.0945 1932 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/05/07 11:19:35.0030 1932 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/05/07 11:19:35.0194 1932 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/05/07 11:19:35.0310 1932 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/05/07 11:19:35.0453 1932 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/05/07 11:19:35.0565 1932 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/05/07 11:19:35.0669 1932 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/05/07 11:19:35.0812 1932 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/05/07 11:19:35.0960 1932 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/05/07 11:19:36.0089 1932 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/05/07 11:19:36.0202 1932 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/05/07 11:19:36.0317 1932 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/05/07 11:19:36.0421 1932 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/05/07 11:19:36.0534 1932 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 11:19:36.0712 1932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/05/07 11:19:36.0879 1932 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/05/07 11:19:37.0012 1932 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/05/07 11:19:37.0122 1932 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/05/07 11:19:37.0385 1932 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/05/07 11:19:37.0562 1932 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/05/07 11:19:37.0737 1932 rtl8192se (44b7739f2d623ad6fb46755bb60351a4) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/05/07 11:19:37.0967 1932 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/05/07 11:19:38.0151 1932 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\windows\system32\drivers\SBREdrv.sys
2011/05/07 11:19:38.0256 1932 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/05/07 11:19:38.0468 1932 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
2011/05/07 11:19:38.0621 1932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/05/07 11:19:38.0835 1932 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/05/07 11:19:38.0958 1932 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/05/07 11:19:39.0067 1932 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/05/07 11:19:39.0256 1932 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/05/07 11:19:39.0365 1932 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/05/07 11:19:39.0474 1932 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/05/07 11:19:39.0587 1932 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/05/07 11:19:39.0779 1932 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/05/07 11:19:39.0889 1932 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/05/07 11:19:40.0008 1932 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/05/07 11:19:40.0160 1932 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/05/07 11:19:40.0303 1932 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/05/07 11:19:40.0580 1932 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\windows\system32\DRIVERS\srv.sys
2011/05/07 11:19:40.0705 1932 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\windows\system32\DRIVERS\srv2.sys
2011/05/07 11:19:40.0855 1932 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\windows\system32\DRIVERS\srvnet.sys
2011/05/07 11:19:41.0012 1932 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/05/07 11:19:41.0139 1932 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/05/07 11:19:41.0324 1932 SynTP (6da97d6b6de6326eba8ab8291ab41a09) C:\windows\system32\DRIVERS\SynTP.sys
2011/05/07 11:19:41.0588 1932 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\windows\system32\drivers\tcpip.sys
2011/05/07 11:19:41.0788 1932 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\windows\system32\DRIVERS\tcpip.sys
2011/05/07 11:19:41.0945 1932 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/05/07 11:19:42.0097 1932 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/05/07 11:19:42.0204 1932 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/05/07 11:19:42.0324 1932 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/05/07 11:19:42.0462 1932 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/05/07 11:19:42.0542 1932 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/05/07 11:19:42.0719 1932 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
2011/05/07 11:19:42.0806 1932 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/05/07 11:19:43.0266 1932 tosporte (90afa1a4451bbbee87c9f18a665d8121) C:\windows\system32\DRIVERS\tosporte.sys
2011/05/07 11:19:43.0366 1932 tosrfbd (51d7f024a66814f8bee33e4be394a03e) C:\windows\system32\DRIVERS\tosrfbd.sys
2011/05/07 11:19:43.0523 1932 tosrfbnp (74392bab3f0d4810da8436ec79d6955d) C:\windows\system32\Drivers\tosrfbnp.sys
2011/05/07 11:19:43.0591 1932 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\windows\system32\Drivers\tosrfcom.sys
2011/05/07 11:19:43.0693 1932 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\windows\system32\DRIVERS\tosrfec.sys
2011/05/07 11:19:43.0844 1932 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\windows\system32\DRIVERS\Tosrfhid.sys
2011/05/07 11:19:43.0951 1932 tosrfnds (b2a1a6538245fd69578224bbf2fd4677) C:\windows\system32\DRIVERS\tosrfnds.sys
2011/05/07 11:19:44.0058 1932 TosRfSnd (f1ca74cca8241d8b8a024aecc643c547) C:\windows\system32\drivers\tosrfsnd.sys
2011/05/07 11:19:44.0219 1932 Tosrfusb (cab2ab2916dcb86df6ae034f319c0238) C:\windows\system32\DRIVERS\tosrfusb.sys
2011/05/07 11:19:44.0322 1932 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/05/07 11:19:44.0570 1932 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 11:19:44.0751 1932 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/05/07 11:19:44.0900 1932 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/05/07 11:19:44.0974 1932 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/05/07 11:19:45.0087 1932 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/05/07 11:19:45.0234 1932 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/05/07 11:19:45.0512 1932 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/05/07 11:19:45.0650 1932 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/05/07 11:19:45.0769 1932 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/05/07 11:19:45.0930 1932 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/05/07 11:19:46.0070 1932 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/05/07 11:19:46.0189 1932 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/05/07 11:19:46.0301 1932 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/05/07 11:19:46.0404 1932 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/05/07 11:19:46.0514 1932 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/05/07 11:19:46.0643 1932 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/05/07 11:19:46.0727 1932 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/05/07 11:19:46.0900 1932 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
2011/05/07 11:19:47.0126 1932 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/05/07 11:19:47.0237 1932 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/05/07 11:19:47.0338 1932 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/05/07 11:19:47.0451 1932 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/05/07 11:19:47.0562 1932 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/05/07 11:19:47.0660 1932 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/05/07 11:19:47.0762 1932 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/05/07 11:19:47.0920 1932 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/05/07 11:19:48.0049 1932 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/05/07 11:19:48.0175 1932 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/05/07 11:19:48.0298 1932 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/05/07 11:19:48.0423 1932 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/05/07 11:19:48.0573 1932 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/05/07 11:19:48.0733 1932 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/05/07 11:19:48.0875 1932 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/05/07 11:19:48.0986 1932 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/05/07 11:19:49.0075 1932 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/05/07 11:19:49.0298 1932 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/05/07 11:19:49.0395 1932 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/05/07 11:19:49.0717 1932 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/05/07 11:19:49.0828 1932 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/05/07 11:19:50.0200 1932 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/05/07 11:19:50.0290 1932 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/05/07 11:19:50.0573 1932 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/05/07 11:19:50.0849 1932 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/05/07 11:19:50.0989 1932 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 11:19:51.0610 1932 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/07 11:19:51.0637 1932 ================================================================================
2011/05/07 11:19:51.0637 1932 Scan finished
2011/05/07 11:19:51.0637 1932 ================================================================================
2011/05/07 11:19:51.0719 1244 Detected object count: 1
2011/05/07 11:20:12.0888 1244 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/07 11:20:12.0888 1244 \HardDisk0 - ok
2011/05/07 11:20:12.0888 1244 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/07 11:21:18.0369 1680 Deinitialize success
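The TDSSKiller lines above report the TDL4 detection on \HardDisk0 rather than in any file, i.e. in the disk's first sector, and promise a cure on reboot. The check a practitioner wants afterwards is that sector 0 is back to a known-good state. The block below is an added example written for this page (not TDSSKiller's code and not from the thread): it parses a 512-byte MBR, hashes the boot-code region, decodes the partition table and compares both against a baseline copy, reporting any difference. The baseline and the tampered sector are constructed inside the block; the partition size, the stand-in boot stub bytes and the `\\.\PhysicalDrive0` read mentioned in the comment are assumptions for illustration, not values from this machine.

```python
"""Added example: verify a disk's MBR against a known-good copy after a bootkit
cleanup. Sample sectors are constructed here; nothing below is read from a real disk."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 446           # bytes 0..445: executable boot code
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int      # e.g. 0x07 for NTFS
    lba_start: int
    sectors: int


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four partition slots; empty slots (type 0) are skipped."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            entries.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return entries


def build_mbr(boot_code: bytes, entries: List[PartitionEntry]) -> bytes:
    """Assemble a sector from boot code and up to four entries (used to construct samples)."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code or partition table too large")
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if e.bootable else 0x00, e.type_id, e.lba_start, e.sectors)
        for e in entries
    ).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + MBR_SIGNATURE


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only, so partition edits do not mask code changes."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(candidate: bytes, baseline: bytes) -> List[str]:
    """Compare a freshly read sector 0 against a known-good copy. Empty list means clean."""
    findings = []
    if candidate[510:512] != MBR_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if boot_code_hash(candidate) != boot_code_hash(baseline):
        findings.append("boot code differs from baseline (possible bootkit)")
    cand_parts = parse_partition_table(candidate)
    if cand_parts != parse_partition_table(baseline):
        findings.append("partition table differs from baseline")
    if not any(p.bootable for p in cand_parts):
        findings.append("no partition flagged bootable")
    return findings


# Constructed sample data (assumed values, not real disk contents).
CLEAN_PARTS = [PartitionEntry(True, 0x07, 2048, 946_000_000)]
CLEAN_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32    # stand-in for a real boot stub
BASELINE_MBR = build_mbr(CLEAN_BOOT, CLEAN_PARTS)
# Same partition table, foreign boot code: the shape of an MBR bootkit infection.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * 64, CLEAN_PARTS)

if __name__ == "__main__":
    # On a live Windows machine the candidate would be read as Administrator, e.g.
    #   with open(r"\\.\PhysicalDrive0", "rb") as disk: candidate = disk.read(512)
    for label, sector in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, BASELINE_MBR) or ["ok"])
```

The baseline should come from a backup taken before infection or from an identical clean install; comparing a sector against itself proves nothing. Hash only the 446 boot-code bytes rather than the whole sector so that a legitimate partition change does not hide a code change, and check the partition table separately.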

#12 zzedexx (Topic Starter)

STEP 2 - OTL FIX LOG:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 not found.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
Registry value HKEY_USERS\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-355442463-701767184-3524845949-1004_Classes\exefile\shell\open\command\\'' updated successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-355442463-701767184-3524845949-1004_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-355442463-701767184-3524845949-1004_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\windows\system32\config\systemprofile\AppData\Local\kfi.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: end user
->Temp folder emptied: 2535 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50958925 bytes
->Flash cache emptied: 1381 bytes

User: Public

User: XO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 865952 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: end user
->Flash cache emptied: 0 bytes

User: Public

User: XO
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 05072011_112546

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
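The fix log above shows the kind of entries a helper pulls out of an OTL scan for removal: a Run value with a random hex name, a loader under C:\Recycle.Bin, a broken .exe file association. The block below is an added example written for this page, not OTL's code and not anything posted in the thread: a small triage pass over OTL quick-scan lines that flags the indicators a malware-removal helper looks for first. The rules are the editor's own heuristics, deliberately narrow: lockdown policies no user sets (DisableTaskMgr, HideSCAHealth, DisableRegistryTools), Run values that point at nothing, carry a random hex name or sit in a drop directory with no company name, AutoRun handlers for removable drives, and a missing hosts file. The sample lines are copied from the OTL output in this thread except the last one, which is constructed from the value name and path the fix log reports.

```python
"""Added example: flag common malware indicators in OTL quick-scan output.
Rules and severities are the editor's heuristics, not OTL's."""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str
    reason: str


# Policy values that blind the user; a stock Windows 7 install has none of them set.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "HideSCAHealth", "NoControlPanel"}
# Locations a dropped loader tends to live in; legitimate vendors install elsewhere.
DROP_DIRS = ("\\recycle.bin\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O7_RE = re.compile(r"^O7 - .*\\policies\\(?:System|Explorer): (?P<policy>\w+) = (?P<value>\d+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
HEX_NAME_RE = re.compile(r"^[0-9A-F]{12,}$")   # e.g. 4E3E0230AEBB4E96 in the fix log


def triage_line(line: str) -> List[Finding]:
    """Apply the rules to one OTL line; most lines yield nothing."""
    line = line.rstrip()
    if line == "Hosts file not found":
        return [Finding("medium", line, "hosts file missing (deleted or hidden); restore a clean one")]
    m = O7_RE.match(line)
    if m:
        if m["policy"] in LOCKDOWN_POLICIES and m["value"] != "0":
            return [Finding("high", line, f"{m['policy']} set: typical malware lockdown, clear it")]
        return []
    m = O33_RE.match(line)
    if m:
        return [Finding("medium", line, f"AutoRun handler for removable media runs {m['cmd']}")]
    m = O4_RE.match(line)
    if m:
        name, rest = m["name"], m["rest"]
        if rest.startswith("File not found"):
            return [Finding("info", line, "orphaned Run value; remove it")]
        if HEX_NAME_RE.match(name):
            return [Finding("high", line, "random hex Run value name; no legitimate product uses one")]
        if any(d in rest.lower() for d in DROP_DIRS) and rest.endswith("()"):
            return [Finding("high", line, "binary with no company name in a drop directory")]
    return []


def triage(lines: List[str]) -> List[Finding]:
    """Run every line through the rules, keeping log order."""
    return [f for line in lines for f in triage_line(line)]


SAMPLE_LOG = [
    # Copied from OTL output in this thread.
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5",
    r"O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1",
    r"O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r'O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe',
    "Hosts file not found",
    # Constructed from the value name and path named in the OTL fix log (not a line OTL printed).
    r"O4 - HKU\S-1-5-21-355442463-701767184-3524845949-1004..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe ()",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

The O6 ConsentPromptBehaviorAdmin line is left alone on purpose: 5 is the Windows 7 default, and a triage script that flags defaults trains people to ignore it. Keep the rule set small and explain each hit; the goal is to shortlist lines for a human, not to decide anything automatically.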

#13 zzedexx (Topic Starter)

STEP 3 - NEW OTL QUICKSCAN LOG:


OTL logfile created on: 2011,05,07 11:36:48 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\end user\Desktop\iN
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy,MM,dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 67.09 Gb Free Space | 14.81% Space Free | Partition Type: NTFS

Computer Name: BEUCEPHALUS | User Name: end user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
PRC - [2011,04,15 02:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011,01,07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011,01,07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011,01,06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010,12,05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010,12,05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010,10,22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009,11,22 01:52:16 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009,11,06 03:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009,10,31 11:20:10 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2009,10,31 06:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009,10,30 08:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009,10,29 14:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009,10,29 13:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009,10,27 04:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009,10,24 15:28:58 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009,10,07 03:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009,10,03 07:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009,09,29 08:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009,07,30 10:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009,07,29 08:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009,07,23 07:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009,07,22 05:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009,07,14 11:14:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2009,07,14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009,07,14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009,07,14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009,01,14 15:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
MOD - [2009,07,14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009,10,22 04:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009,08,28 04:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009,07,14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010,12,08 04:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010,11,12 13:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010,11,09 14:56:12 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010,09,13 15:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010,09,07 03:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010,09,07 03:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010,08,19 20:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010,08,19 20:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010,08,19 20:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009,11,14 09:07:04 | 009,927,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009,10,27 06:39:04 | 000,125,696 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009,10,03 07:33:24 | 000,862,208 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009,09,25 11:54:26 | 000,169,320 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009,09,24 04:25:18 | 000,120,432 | -H-- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009,09,18 06:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009,09,15 08:29:36 | 000,049,400 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009,09,10 15:31:48 | 000,102,912 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009,09,04 15:12:40 | 000,180,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009,08,22 07:24:04 | 000,066,592 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009,08,06 06:55:08 | 000,061,168 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009,07,31 15:02:34 | 000,036,208 | -H-- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009,07,31 11:45:56 | 000,022,912 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009,07,29 14:01:26 | 000,069,480 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009,07,25 09:57:06 | 000,275,536 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009,07,25 05:31:58 | 000,021,608 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009,07,15 09:28:42 | 000,023,512 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009,07,14 16:13:10 | 000,015,216 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009,07,14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009,07,14 09:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009,07,14 08:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009,06,30 10:16:22 | 000,013,120 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009,06,30 04:25:24 | 000,030,272 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009,06,30 04:17:00 | 000,059,904 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009,06,23 11:04:58 | 000,024,064 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009,06,20 13:31:08 | 000,012,920 | -H-- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009,06,20 03:57:20 | 000,079,872 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009,06,20 03:56:48 | 000,042,472 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009,06,18 05:59:46 | 000,046,984 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009,06,12 07:05:04 | 000,626,688 | -H-- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009,05,20 15:59:00 | 000,011,776 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008,04,25 12:16:00 | 000,005,632 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011,04,13 02:25:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011,05,04 14:52:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010,12,02 12:14:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Extensions
[2011,05,03 21:41:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions
[2011,02,23 10:31:06 | 000,000,000 | -H-D | M] (Download Manager Tweak) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011,05,04 14:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011,04,13 02:25:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011,04,15 02:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010,01,01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010,01,01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010,01,01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010,01,01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010,01,01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware[2]\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009,06,11 07:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011,05,06 11:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2]
[2011,05,06 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2]
[2011,05,06 11:23:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011,05,03 04:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERDNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011,05,01 10:40:12 | 000,000,000 | -H-D | C] -- C:\Users\end user\AppData\Roaming\Malwarebytes
[2011,05,01 10:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011,05,01 10:39:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011,05,01 10:39:48 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011,05,01 10:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011,05,01 00:52:24 | 000,098,392 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011,05,01 00:52:24 | 000,027,984 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\sbbd.exe
[2011,05,01 00:52:07 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2011,05,01 00:37:47 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,29 12:11:24 | 000,000,000 | -H-D | C] -- C:\Users\end user\Desktop\HAND#
[2011,04,28 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\KPR
[2011,04,28 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\WiLDCATS
[2011,04,19 11:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011,04,18 23:56:57 | 000,000,000 | -H-D | C] -- C:\windows\Sun
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011,05,07 11:34:22 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011,05,07 11:34:22 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011,05,07 11:32:28 | 114,319,240 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011,05,07 11:26:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011,05,07 01:40:00 | 000,000,920 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004UA.job
[2011,05,06 14:40:00 | 000,000,868 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004Core.job
[2011,05,06 11:43:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011,05,04 14:52:46 | 000,002,021 | -H-- | M] () -- C:\Users\end user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | M] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | M] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | M] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 22:56:39 | 000,711,442 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011,05,01 22:56:39 | 000,139,504 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011,05,01 00:38:44 | 000,000,000 | -H-- | M] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,05,01 00:36:24 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | M] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | M] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | M] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:55:38 | 000,212,355 | ---- | M] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,19 16:31:13 | 000,017,408 | -H-- | M] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,15 17:43:47 | 000,154,909 | -H-- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011,04,13 03:04:41 | 000,016,274 | ---- | M] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011,05,06 11:43:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011,05,04 14:52:20 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | C] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | C] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | C] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 00:38:44 | 000,000,000 | -H-- | C] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | C] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | C] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | C] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:50:55 | 000,212,355 | ---- | C] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,18 11:26:24 | 000,017,408 | -H-- | C] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,13 03:04:41 | 000,016,274 | ---- | C] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[2010,03,11 16:37:27 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2010,03,11 16:22:35 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010,03,11 16:15:54 | 000,000,852 | -H-- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010,03,11 16:15:54 | 000,000,096 | -H-- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010,03,11 16:11:50 | 000,045,056 | -H-- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009,11,13 21:08:56 | 000,040,588 | -H-- | C] () -- C:\windows\System32\nvcoproc.bin
[2009,08,03 18:21:54 | 000,197,912 | -H-- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009,07,14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009,07,14 14:33:53 | 000,446,904 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009,07,14 12:05:48 | 000,711,442 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009,07,14 12:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009,07,14 12:05:48 | 000,139,504 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009,07,14 12:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009,07,14 12:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009,07,14 12:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009,07,14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009,07,14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009,07,14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009,06,11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009,04,28 22:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010,12,02 11:18:59 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\AVG10
[2011,05,01 00:46:04 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\foobar2000
[2010,07,01 08:45:38 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Toshiba
[2010,06,06 04:14:07 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Ulead Systems
[2011,04,29 16:32:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\uTorrent
[2010,08,17 17:23:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Vodafone
[2010,04,18 04:23:43 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\WildTangent
[2011,02,05 19:17:43 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\AVG10
[2011,04,29 18:09:38 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\foobar2000
[2010,07,01 09:28:15 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\Toshiba
[2011,05,07 01:35:57 | 000,026,674 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#14 zzedexx (Topic Starter, Member, 37 posts)
I'm supposing there was some kind of Win7 disc included when I bought this machine..
Fingers crossed I can find it!

Since the first bunch of scans I was still getting the Google redirects happening + even another bluescreen, so figured there was more 'fun' in store..

Hopefully will find the Win7 CD before you tell me I need it! :unsure:

Thanks again for helping

Cheers

:)

Zed
#15 zzedexx (Topic Starter, Member, 37 posts)
Hmm..

Found the pack of manuals + disc, but (typical) looks like I got bilked on the 'Product Recovery Media'

=> Windows XP Pro SP3 :)

Dunno what chance I'd have of getting a Win7 disc out of them if I went back there, but I can give it a try..

Let me know if you think I need it

Cheers

Zed