Top Of the range Laptop Slow as Dogs Balls



#1
sir32

Hi Guys/Girls,
I have spent really good money on a high-power laptop and after 5 months it is running "SLOW AS DOGS BALLS". I'm at wit's end and would really appreciate any help. I am very computer savvy so it should be easy to fix; I just don't have the knowledge/know-how.

I have run OTL and this is the log file I got:

OTL logfile created on: 6/16/2011 9:08:55 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = E:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.99 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.09% Memory free
15.98 Gb Paging File | 13.51 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.10 Gb Total Space | 22.83 Gb Free Space | 21.12% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.95 Gb Free Space | 97.46% Space Free | Partition Type: FAT
Drive E: | 463.76 Gb Total Space | 318.73 Gb Free Space | 68.73% Space Free | Partition Type: NTFS

Computer Name: SIR32-PC | User Name: SIR32 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/16 21:08:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgui.exe
PRC - [2011/04/09 18:03:34 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/02/10 19:53:16 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:04 | 000,580,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe
PRC - [2010/11/30 18:44:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/09 19:26:00 | 005,251,072 | ---- | M] (Telstra) -- C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2010/08/09 15:17:26 | 000,214,384 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Mobile Broadband Manager\SwiApiMuxX.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- E:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/12/24 07:04:20 | 000,370,688 | ---- | M] (StarWind Software) -- e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/06 14:02:04 | 002,717,024 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/10/29 03:45:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/03 05:56:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/03 05:56:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/29 12:56:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/06/30 09:50:42 | 001,811,728 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/03/11 11:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/03 11:37:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/07/25 03:54:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/01/05 12:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 21:08:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL.exe
MOD - [2010/11/20 21:25:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/11 06:24:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/11/06 14:35:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/11/06 02:49:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/22 02:00:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/09/29 07:16:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/07/29 09:18:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/13 09:13:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/05/21 22:05:39 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/10 19:53:16 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/30 18:44:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/02 09:53:08 | 000,308,080 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 07:04:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/28 12:42:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/22 03:10:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/07 01:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/03 05:56:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/08/28 03:58:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/11 06:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 11:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/01/05 12:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 23:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:02:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:02:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:37:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:07:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 08:40:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/01 10:14:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/16 10:04:44 | 000,135,168 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2010/07/16 10:04:44 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/07/16 10:04:44 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/07/16 10:04:44 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/07/16 10:04:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/07/15 07:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 07:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/06/21 15:07:34 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 14:51:30 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2010/06/21 14:51:02 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2010/06/10 16:11:40 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/04/30 19:32:28 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2010/04/26 16:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/03/01 17:35:26 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2009/11/14 10:17:36 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/04 01:51:18 | 000,074,016 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/10/17 07:26:40 | 000,701,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/03 05:28:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/25 10:25:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/09/15 07:00:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/19 11:11:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/06 05:26:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/31 13:52:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/31 10:50:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/29 12:32:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/25 08:27:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/25 04:03:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 08:01:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 14:42:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/14 11:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 08:46:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/30 02:55:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/23 09:36:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 11:45:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/20 02:30:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/20 02:29:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/18 04:31:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/16 06:28:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 06:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 11:07:14 | 000,376,848 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2009/05/28 11:07:14 | 000,061,712 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 13:21:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/02/16 23:12:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
DRV - [2010/07/15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/27 10:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/27 10:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/27 10:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/12/28 15:03:40 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/04/29 10:59:52 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\massfilter.sys -- (massfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/03 21:05:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 06:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [reminder] C:\Program Files\TOSHIBA\TFMU\reminder.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AlcoholAutomount] e:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [NoWindowsUpdate] Reg Error: Invalid data type. File not found
O4 - HKCU..\Run: [Steam] File not found
O4 - HKCU..\Run: [Windows86] File not found
O4 - Startup: C:\Users\SIR32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.242.33 61.9.211.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 14:41:12 | 000,001,807 | ---- | M] () - D:\AUTOEXEC_SRV.BAT -- [ FAT ]
O32 - AutoRun File - [2009/08/06 09:06:38 | 000,000,863 | ---- | M] () - D:\autoexec.bat -- [ FAT ]
O32 - AutoRun File - [2000/03/31 14:12:28 | 000,000,000 | ---D | M] - D:\autodmi -- [ FAT ]
O32 - AutoRun File - [2009/06/11 07:12:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a8558d7-5907-11e0-b13e-c80aa933b9df}\Shell - "" = AutoRun
O33 - MountPoints2\{2a8558d7-5907-11e0-b13e-c80aa933b9df}\Shell\AutoRun\command - "" = H:\WIN\setup.exe
O33 - MountPoints2\{2f9e5df4-449e-11e0-a4da-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{2f9e5df4-449e-11e0-a4da-00a0c6000000}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 20:55:09 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/16 20:54:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/04 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\Apple Computer
[2011/06/04 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Local\Apple Computer
[2011/06/04 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/04 20:36:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/04 20:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/04 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/06/04 20:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/06/04 20:36:25 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Local\Apple
[2011/06/04 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/06/04 20:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/04 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/06/04 20:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/06/04 20:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/19 21:39:40 | 000,000,000 | ---D | C] -- C:\Users\SIR32\Documents\extension plans 22-7-10_electrical_files
[2011/05/19 21:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboCAD Professional 15
[2011/05/19 21:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign
[2011/05/19 21:31:58 | 000,000,000 | ---D | C] -- C:\Users\SIR32\Documents\TurboCAD 15
[2011/05/19 21:31:58 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\IMSIDesign
[2011/04/26 19:55:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Users\SIR32\AppData\Local\cscript.exe
[2011/04/26 19:55:49 | 000,127,232 | ---- | C] (Microsoft Corporation) -- C:\Users\SIR32\AppData\Local\osppc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 20:55:09 | 000,002,975 | ---- | M] () -- C:\Users\SIR32\Desktop\HiJackThis.lnk
[2011/06/16 18:21:20 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 18:21:20 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 18:19:54 | 005,665,082 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/16 18:19:54 | 002,663,334 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/16 18:19:54 | 000,005,152 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/16 18:19:45 | 118,700,261 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/06/16 18:14:16 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2011/06/16 18:14:14 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2011/06/16 18:14:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/16 18:14:09 | 2138,415,103 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 21:05:37 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/01 16:28:01 | 000,266,400 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2011/06/01 16:28:01 | 000,266,400 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/06/01 14:35:57 | 000,266,400 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2011/05/26 17:59:04 | 025,571,334 | ---- | M] () -- C:\Users\SIR32\Documents\Plan - Copy.bmp
[2011/05/23 20:13:09 | 000,000,000 | -H-- | M] () -- C:\Users\SIR32\Documents\Default.rdp
[2011/05/19 21:41:44 | 000,131,270 | ---- | M] () -- C:\Users\SIR32\Documents\electrical.xps
[2011/05/19 21:39:40 | 000,000,339 | ---- | M] () -- C:\Users\SIR32\Documents\extension plans 22-7-10_electrical.htm
[2011/05/19 21:34:37 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\TurboCAD Professional 15.lnk
[2011/05/19 20:24:30 | 000,183,152 | ---- | M] () -- C:\Users\SIR32\Documents\erin reg2.xps
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 20:55:09 | 000,002,975 | ---- | C] () -- C:\Users\SIR32\Desktop\HiJackThis.lnk
[2011/06/04 20:36:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/23 21:07:06 | 025,571,334 | ---- | C] () -- C:\Users\SIR32\Documents\Plan - Copy.bmp
[2011/05/23 20:13:09 | 000,000,000 | -H-- | C] () -- C:\Users\SIR32\Documents\Default.rdp
[2011/05/19 21:41:44 | 000,131,270 | ---- | C] () -- C:\Users\SIR32\Documents\electrical.xps
[2011/05/19 21:39:40 | 000,000,339 | ---- | C] () -- C:\Users\SIR32\Documents\extension plans 22-7-10_electrical.htm
[2011/05/19 21:34:37 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\TurboCAD Professional 15.lnk
[2011/05/19 20:24:30 | 000,183,152 | ---- | C] () -- C:\Users\SIR32\Documents\erin reg2.xps
[2011/04/26 19:55:49 | 002,945,485 | ---- | C] () -- C:\Users\SIR32\AppData\Local\tokensall.dat
[2011/04/26 19:55:49 | 000,143,360 | ---- | C] () -- C:\Users\SIR32\AppData\Local\PortQry.exe
[2011/04/26 19:55:49 | 000,052,704 | ---- | C] () -- C:\Users\SIR32\AppData\Local\regall.reg
[2011/04/26 19:55:49 | 000,049,377 | ---- | C] () -- C:\Users\SIR32\AppData\Local\ospp.vbs
[2011/04/26 19:55:49 | 000,033,019 | ---- | C] () -- C:\Users\SIR32\AppData\Local\slerror.xml
[2011/04/26 19:55:49 | 000,032,256 | ---- | C] () -- C:\Users\SIR32\AppData\Local\instsrv.exe
[2011/04/26 19:55:49 | 000,014,176 | ---- | C] () -- C:\Users\SIR32\AppData\Local\ospprearm.exe
[2011/04/26 19:55:49 | 000,008,192 | ---- | C] () -- C:\Users\SIR32\AppData\Local\srvany.exe
[2011/04/26 19:55:49 | 000,001,012 | ---- | C] () -- C:\Users\SIR32\AppData\Local\service.inf
[2011/04/26 19:55:49 | 000,000,796 | ---- | C] () -- C:\Users\SIR32\AppData\Local\hs_message.vbs
[2011/04/26 19:55:49 | 000,000,148 | ---- | C] () -- C:\Users\SIR32\AppData\Local\DisableService.reg
[2011/02/04 16:30:17 | 000,000,005 | ---- | C] () -- C:\Users\SIR32\AppData\Roaming\openList.awt
[2011/02/04 16:30:17 | 000,000,005 | ---- | C] () -- C:\Users\SIR32\AppData\Roaming\closedList.awt
[2010/11/28 09:55:38 | 002,217,088 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2010/11/28 09:55:38 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2010/11/28 09:55:37 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2010/11/28 09:55:37 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2010/11/28 09:55:37 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2010/11/28 08:57:01 | 000,000,017 | ---- | C] () -- C:\Users\SIR32\AppData\Local\resmon.resmoncfg
[2010/09/18 18:41:33 | 000,266,400 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010/09/18 18:41:32 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2010/09/18 18:41:32 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010/09/17 21:37:38 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/16 13:38:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/06/16 12:57:36 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2010/06/16 12:57:24 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
[2009/07/14 15:08:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 12:05:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 12:04:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 09:40:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:33:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/11 06:56:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/27 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\.minecraft
[2010/10/07 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\AVG10
[2011/05/19 21:31:58 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\IMSIDesign
[2010/09/17 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Leadertech
[2010/12/24 22:25:29 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Polynomial
[2010/09/17 20:18:07 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Sierra Wireless
[2011/03/06 22:49:52 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Toshiba
[2011/06/16 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\uTorrent
[2011/03/03 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Vodafone
[2010/11/24 18:02:32 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\WildTangent
[2010/09/17 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\WinBatch
[2011/04/05 16:47:36 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Kind regards
Jake

Edited by sir32, 16 June 2011 - 05:58 AM.


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,181 posts
  • MVP
Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Open OTL again (Right click and Run As Administrator) and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron

#3
sir32

sir32

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi RKinner,
Thanks for your speedy reply.
Logs as requested:
Malware Log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6876

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

17/06/2011 9:02:43 PM
mbam-log-2011-06-17 (21-02-35).txt

Scan type: Quick scan
Objects scanned: 169115
Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows86 (Trojan.Agent) -> Value: Windows86 -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\program files (x86)\shoppingreport2\Bin (Adware.ShoppingReport2) -> No action taken.
c:\program files (x86)\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> No action taken.

Files Infected:
c:\program files (x86)\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> No action taken.
c:\Users\SIR32\AppData\Local\Temp\mini-kms_activator_v1.053.exe (PUP.Hacktool.Office) -> No action taken.
c:\Users\SIR32\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken.
c:\program files (x86)\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> No action taken.

Process Explorer Log
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.26 0 K 24 K
iexplore.exe 5412 1.98 158,324 K 144,252 K Internet Explorer Microsoft Corporation
procexp64.exe 6020 1.37 31,864 K 49,972 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
SynTPEnh.exe 3092 0.72 5,828 K 14,308 K Synaptics TouchPad Enhancements Synaptics Incorporated
iexplore.exe 6016 0.56 87,740 K 84,284 K Internet Explorer Microsoft Corporation
Interrupts n/a 0.56 0 K 0 K Hardware Interrupts and DPCs
FlashUtil10b.exe 6788 0.45 1,952 K 5,500 K Adobe Flash Player Helper 10.0 r22 Adobe Systems, Inc.
dwm.exe 3320 0.31 27,988 K 35,660 K Desktop Window Manager Microsoft Corporation
System 4 0.26 372 K 131,172 K
sidebar.exe 4180 0.19 66,280 K 63,784 K Windows Desktop Gadgets Microsoft Corporation
csrss.exe 816 0.11 3,152 K 7,472 K Client Server Runtime Process Microsoft Corporation
explorer.exe 3352 0.07 53,240 K 72,024 K Windows Explorer Microsoft Corporation
TelstraUCM.exe 4592 0.05 11,316 K 22,936 K Mobile Broadband Manager Telstra
G35.exe 4416 0.03 139,292 K 19,712 K Logitech© G35 Headset Logitech©
svchost.exe 136 0.02 6,168 K 11,464 K Host Process for Windows Services Microsoft Corporation
IAStorDataMgrSvc.exe 2496 0.01 20,804 K 16,676 K IAStorDataSvc Intel Corporation
services.exe 876 0.01 8,308 K 11,928 K Services and Controller app Microsoft Corporation
AVGIDSAgent.exe 2760 0.01 28,820 K 21,048 K AVG Identity Protection Service AVG Technologies CZ, s.r.o.
reader_sl.exe 4436 < 0.01 1,932 K 4,700 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated
avgwdsvc.exe 1980 < 0.01 10,552 K 19,904 K AVG Watchdog Service AVG Technologies CZ, s.r.o.
iPodService.exe 4968 < 0.01 4,264 K 8,492 K iPodService Module (64-bit) Apple Inc.
avgtray.exe 4428 < 0.01 8,604 K 1,992 K AVG Tray Monitor AVG Technologies CZ, s.r.o.
svchost.exe 1084 < 0.01 34,904 K 43,580 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1296 < 0.01 15,340 K 18,116 K Host Process for Windows Services Microsoft Corporation
SmartFaceVWatcher.exe 3680 < 0.01 6,652 K 9,840 K SmartFaceVWatcher TOSHIBA Corporation
SwiApiMuxX.exe 5084 < 0.01 2,016 K 5,476 K Sierra Wireless API MUX Sierra Wireless, Inc.
PnkBstrA.exe 1580 < 0.01 1,400 K 4,288 K
IAStorIcon.exe 4284 < 0.01 23,980 K 21,836 K IAStorIcon Intel Corporation
svchost.exe 1204 < 0.01 11,592 K 18,632 K Host Process for Windows Services Microsoft Corporation
svchost.exe 704 < 0.01 22,008 K 24,288 K Host Process for Windows Services Microsoft Corporation
StarWindServiceAE.exe 2144 < 0.01 3,060 K 5,932 K StarWind iSCSI Target (Alcohol Edition) StarWind Software
wmpnetwk.exe 5448 < 0.01 12,332 K 29,708 K Windows Media Player Network Sharing Service Microsoft Corporation
AppleMobileDeviceService.exe 1852 < 0.01 2,688 K 7,944 K MobileDeviceService Apple Inc.
SearchIndexer.exe 2456 < 0.01 18,692 K 7,920 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1444 < 0.01 21,452 K 24,684 K Host Process for Windows Services Microsoft Corporation
AVGIDSMonitor.exe 4904 < 0.01 2,548 K 6,504 K
avgchsva.exe 436 < 0.01 39,124 K 2,016 K AVG Cache Server AVG Technologies CZ, s.r.o.
nvvsvc.exe 1924 < 0.01 6,880 K 14,056 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation
iTunesHelper.exe 4620 < 0.01 6,356 K 13,608 K iTunesHelper Apple Inc.
avgrsa.exe 480 < 0.01 46,248 K 4,240 K AVG Resident Shield Service AVG Technologies CZ, s.r.o.
svchost.exe 4168 < 0.01 9,252 K 16,264 K Host Process for Windows Services Microsoft Corporation
TODDSrv.exe 2264 < 0.01 2,420 K 5,540 K TDCSrv Application TOSHIBA Corporation
csrss.exe 724 < 0.01 2,888 K 7,340 K Client Server Runtime Process Microsoft Corporation
iviRegMgr.exe 1272 < 0.01 1,380 K 4,268 K RegMgr Module InterVideo
NvXDSync.exe 1912 < 0.01 8,236 K 18,116 K NVIDIA User Experience Driver Component NVIDIA Corporation
WmiPrvSE.exe 1012 8,252 K 12,776 K WMI Provider Host Microsoft Corporation
WmiPrvSE.exe 3688 3,896 K 7,872 K WMI Provider Host Microsoft Corporation
winlogon.exe 1380 4,428 K 8,348 K Windows Logon Application Microsoft Corporation
wininit.exe 808 2,120 K 5,168 K Windows Start-Up Application Microsoft Corporation
TPwrMain.exe 3248 8,164 K 13,116 K TOSHIBA Power Saver TOSHIBA Corporation
TPCHWMsg.exe 3188 4,144 K 7,516 K TOSHIBA PC Health Monitor TOSHIBA Corporation
TPCHSrv.exe 1652 4,904 K 9,280 K TOSHIBA PC Health Monitor TOSHIBA Corporation
TosVolRegulator.exe 2072 6,944 K 6,068 K Toshiba Volume Regulator TOSHIBA Corporation
TosSmartSrv.exe 6860 3,648 K 8,216 K TosSmartSrv.exe TOSHIBA Corporation
TosSENotify.exe 3560 5,700 K 11,000 K TosSENotify.exe.mui TOSHIBA Corporation
TosReelTimeMonitor.exe 4116 2,972 K 7,400 K Monitor of TOSHIBA ReelTime TOSHIBA Corporation
TosNcCore.exe 4108 3,872 K 8,936 K Message Center TOSHIBA Corporation
TosCoSrv.exe 2296 3,992 K 6,412 K TOSHIBA Power Saver TOSHIBA Corporation
TosBtSrv.exe 4476 3,100 K 6,344 K TOSHIBA Bluetooth Service TOSHIBA CORPORATION
TosBtMng.exe 4228 8,256 K 12,988 K Bluetooth Manager TOSHIBA CORPORATION.
TosBtHSP.exe 1936 5,284 K 8,748 K TosBtHSP TOSHIBA CORPORATION.
TosBtHid.exe 3728 1,952 K 4,912 K TosBtHid TOSHIBA CORPORATION.
TosA2dp.exe 4260 5,488 K 8,932 K TosA2DP TOSHIBA CORPORATION.
ThpSrv.exe 2240 2,136 K 4,044 K TOSHIBA HDD Protection Service TOSHIBA Corporation
ThpSrv.exe 4000 2,852 K 6,176 K TOSHIBA HDD Protection Service TOSHIBA Corporation
TecoService.exe 2392 3,384 K 6,512 K TOSHIBA eco Utility Service TOSHIBA Corporation
Teco.exe 3748 4,048 K 8,088 K TOSHIBA eco Utility TOSHIBA Corporation
TCrdMain.exe 3668 18,288 K 27,412 K TOSHIBA Flash Cards TOSHIBA Corporation
TCrdKBB.exe 4912 2,448 K 4,500 K TCrdKBB Application
taskhost.exe 3208 9,244 K 10,788 K Host Process for Windows Tasks Microsoft Corporation
taskeng.exe 5612 3,224 K 7,232 K Task Scheduler Engine Microsoft Corporation
SynTPHelper.exe 3628 2,340 K 4,364 K Synaptics Pointing Device Helper Synaptics Incorporated
SwiCardDetect64.exe 2188 4,128 K 8,440 K Sierra Wireless Inc Card Detect Service Sierra Wireless, Inc.
svchost.exe 744 6,444 K 10,412 K Host Process for Windows Services Microsoft Corporation
svchost.exe 6076 12,244 K 14,916 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1052 15,412 K 26,976 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5284 2,976 K 6,376 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2164 2,448 K 5,984 K Host Process for Windows Services Microsoft Corporation
sppsvc.exe 6856 3,040 K 8,492 K Microsoft Software Protection Platform Service Microsoft Corporation
spoolsv.exe 1644 12,096 K 18,016 K Spooler SubSystem App Microsoft Corporation
smss.exe 336 764 K 1,448 K Windows Session Manager Microsoft Corporation
SmoothView.exe 1848 2,320 K 4,220 K SmoothView TOSHIBA Corporation
rundll32.exe 3956 2,732 K 7,236 K Windows host process (Rundll32) Microsoft Corporation
rpcnet.exe 2084 2,272 K 6,032 K rpcnet Absolute Software Corp.
o2flash.exe 1324 1,100 K 3,528 K O2 Flash Memory Service O2Micro International
nvvsvc.exe 472 3,500 K 8,396 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation
NDSTray.exe 5380 8,740 K 7,400 K ConfigFree Task Tray Menu TOSHIBA CORPORATION
mDNSResponder.exe 2008 2,192 K 5,932 K Bonjour Service Apple Inc.
mbamservice.exe 3880 90,436 K 32,960 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 4632 2,880 K 7,648 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsm.exe 892 3,352 K 5,112 K Local Session Manager Service Microsoft Corporation
lsass.exe 884 5,424 K 12,484 K Local Security Authority Process Microsoft Corporation
jusched.exe 4564 1,528 K 4,328 K Java™ Update Scheduler Sun Microsystems, Inc.
iexplore.exe 5960 11,168 K 24,628 K Internet Explorer Microsoft Corporation
HDMICtrlMan.exe 4068 7,516 K 15,880 K HDMICtrlMan.exe TOSHIBA Corporation.
HCMSoundChanger.exe 1504 2,196 K 6,764 K SoundChanger.exe TOSHIBA Corporation.
dllhost.exe 3264 3,176 K 6,656 K COM Surrogate Microsoft Corporation
CFSwMgr.exe 5832 4,304 K 8,224 K ConfigFree Switch Manager Process TOSHIBA CORPORATION
CFSvcs.exe 6800 2,100 K 1,132 K ConfigFree Service Process TOSHIBA CORPORATION
CFIWmxSvcs64.exe 4148 2,116 K 4,216 K ConfigFree Service Process TOSHIBA CORPORATION
cAudioFilterAgent64.exe 4056 3,256 K 6,792 K Conexant High Definition Audio Filter Agent Conexant Systems, Inc.
avgnsa.exe 2612 16,032 K 1,108 K AVG Online Shield Service AVG Technologies CZ, s.r.o.
audiodg.exe 1160 17,312 K 17,692 K Windows Audio Device Graph Isolation Microsoft Corporation

Vew System Log
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/06/2011 9:10:37 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/06/2011 11:33:52 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW Application Log
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/06/2011 9:12:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/06/2011 11:40:30 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 17/06/2011 11:40:30 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL LOG (quick Scan)
OTL logfile created on: 6/17/2011 9:22:49 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = E:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.99 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.10% Memory free
15.98 Gb Paging File | 13.31 Gb Available in Paging File | 83.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.10 Gb Total Space | 22.84 Gb Free Space | 21.13% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.95 Gb Free Space | 97.46% Space Free | Partition Type: FAT
Drive E: | 463.76 Gb Total Space | 318.71 Gb Free Space | 68.72% Space Free | Partition Type: NTFS

Computer Name: SIR32-PC | User Name: SIR32 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/16 21:08:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 19:53:16 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/11/30 18:44:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/09 19:26:00 | 005,251,072 | ---- | M] (Telstra) -- C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2010/08/09 15:17:26 | 000,214,384 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Telstra\Mobile Broadband Manager\SwiApiMuxX.exe
PRC - [2009/12/24 07:04:20 | 000,370,688 | ---- | M] (StarWind Software) -- e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/06 14:02:04 | 002,717,024 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/10/29 03:45:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/03 05:56:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/03 05:56:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/30 09:12:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/29 12:56:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/06/30 09:50:42 | 001,811,728 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/06/09 07:04:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/04 08:03:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/11 11:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/03 11:37:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/07/25 03:54:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/01/05 12:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 21:08:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL.exe
MOD - [2010/11/20 21:25:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/11 06:24:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/11/06 14:35:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/11/06 02:49:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/22 02:00:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/09/29 07:16:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/07/29 09:18:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/13 09:13:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 22:05:39 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/10 19:53:16 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/30 18:44:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/02 09:53:08 | 000,308,080 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 07:04:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/28 12:42:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/22 03:10:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/07 01:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/03 05:56:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/28 03:58:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/11 06:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 11:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/01/05 12:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 23:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:02:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:02:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:37:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:07:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 08:40:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/01 10:14:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/16 10:04:44 | 000,135,168 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2010/07/16 10:04:44 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/07/16 10:04:44 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/07/16 10:04:44 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/07/16 10:04:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/07/15 07:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 07:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/06/21 15:07:34 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 14:51:30 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2010/06/21 14:51:02 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2010/06/10 16:11:40 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/04/30 19:32:28 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2010/04/26 16:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/03/01 17:35:26 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2009/11/14 10:17:36 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/04 01:51:18 | 000,074,016 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/10/17 07:26:40 | 000,701,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/03 05:28:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/25 10:25:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/09/15 07:00:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/19 11:11:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/08/06 05:26:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/31 13:52:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/31 10:50:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/29 12:32:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/25 08:27:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/25 04:03:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 08:01:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 14:42:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/14 11:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 08:46:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/30 02:55:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/23 09:36:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 11:45:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/20 02:30:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/20 02:29:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/18 04:31:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/16 06:28:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 06:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 11:07:14 | 000,376,848 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2009/05/28 11:07:14 | 000,061,712 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 13:21:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/02/16 23:12:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
DRV - [2010/07/15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/27 10:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/27 10:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/27 10:45:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/12/28 15:03:40 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/04/29 10:59:52 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\massfilter.sys -- (massfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/03 21:05:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 06:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [reminder] C:\Program Files\TOSHIBA\TFMU\reminder.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AlcoholAutomount] e:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [NoWindowsUpdate] Reg Error: Invalid data type. File not found
O4 - HKCU..\Run: [Steam] File not found
O4 - Startup: C:\Users\SIR32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.242.33 61.9.134.49
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 14:41:12 | 000,001,807 | ---- | M] () - D:\AUTOEXEC_SRV.BAT -- [ FAT ]
O32 - AutoRun File - [2009/08/06 09:06:38 | 000,000,863 | ---- | M] () - D:\autoexec.bat -- [ FAT ]
O32 - AutoRun File - [2000/03/31 14:12:28 | 000,000,000 | ---D | M] - D:\autodmi -- [ FAT ]
O32 - AutoRun File - [2009/06/11 07:12:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a8558d7-5907-11e0-b13e-c80aa933b9df}\Shell - "" = AutoRun
O33 - MountPoints2\{2a8558d7-5907-11e0-b13e-c80aa933b9df}\Shell\AutoRun\command - "" = H:\WIN\setup.exe
O33 - MountPoints2\{2f9e5df4-449e-11e0-a4da-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{2f9e5df4-449e-11e0-a4da-00a0c6000000}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 20:57:34 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\Malwarebytes
[2011/06/17 20:57:27 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/17 20:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/17 20:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/17 20:57:24 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/06/16 20:55:09 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/16 20:54:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/04 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\Apple Computer
[2011/06/04 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Local\Apple Computer
[2011/06/04 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/04 20:36:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/04 20:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/04 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/06/04 20:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/06/04 20:36:25 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Local\Apple
[2011/06/04 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/06/04 20:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/04 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/06/04 20:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/06/04 20:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/19 21:39:40 | 000,000,000 | ---D | C] -- C:\Users\SIR32\Documents\extension plans 22-7-10_electrical_files
[2011/05/19 21:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboCAD Professional 15
[2011/05/19 21:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign
[2011/05/19 21:31:58 | 000,000,000 | ---D | C] -- C:\Users\SIR32\Documents\TurboCAD 15
[2011/05/19 21:31:58 | 000,000,000 | ---D | C] -- C:\Users\SIR32\AppData\Roaming\IMSIDesign
[2011/04/26 19:55:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Users\SIR32\AppData\Local\cscript.exe
[2011/04/26 19:55:49 | 000,127,232 | ---- | C] (Microsoft Corporation) -- C:\Users\SIR32\AppData\Local\osppc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 21:11:50 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 21:11:50 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 21:10:33 | 005,699,270 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/17 21:10:33 | 002,680,682 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/17 21:10:33 | 000,005,152 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/17 21:04:46 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2011/06/17 21:04:44 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2011/06/17 21:04:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/17 21:04:39 | 2138,415,103 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 20:57:27 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 20:40:57 | 118,878,779 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/06/16 20:55:09 | 000,002,975 | ---- | M] () -- C:\Users\SIR32\Desktop\HiJackThis.lnk
[2011/06/03 21:05:37 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/01 16:28:01 | 000,266,400 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2011/06/01 16:28:01 | 000,266,400 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/06/01 14:35:57 | 000,266,400 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/05/26 17:59:04 | 025,571,334 | ---- | M] () -- C:\Users\SIR32\Documents\Plan - Copy.bmp
[2011/05/23 20:13:09 | 000,000,000 | -H-- | M] () -- C:\Users\SIR32\Documents\Default.rdp
[2011/05/19 21:41:44 | 000,131,270 | ---- | M] () -- C:\Users\SIR32\Documents\electrical.xps
[2011/05/19 21:39:40 | 000,000,339 | ---- | M] () -- C:\Users\SIR32\Documents\extension plans 22-7-10_electrical.htm
[2011/05/19 21:34:37 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\TurboCAD Professional 15.lnk
[2011/05/19 20:24:30 | 000,183,152 | ---- | M] () -- C:\Users\SIR32\Documents\erin reg2.xps
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 20:57:27 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 20:55:09 | 000,002,975 | ---- | C] () -- C:\Users\SIR32\Desktop\HiJackThis.lnk
[2011/06/04 20:36:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/23 21:07:06 | 025,571,334 | ---- | C] () -- C:\Users\SIR32\Documents\Plan - Copy.bmp
[2011/05/23 20:13:09 | 000,000,000 | -H-- | C] () -- C:\Users\SIR32\Documents\Default.rdp
[2011/05/19 21:41:44 | 000,131,270 | ---- | C] () -- C:\Users\SIR32\Documents\electrical.xps
[2011/05/19 21:39:40 | 000,000,339 | ---- | C] () -- C:\Users\SIR32\Documents\extension plans 22-7-10_electrical.htm
[2011/05/19 21:34:37 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\TurboCAD Professional 15.lnk
[2011/05/19 20:24:30 | 000,183,152 | ---- | C] () -- C:\Users\SIR32\Documents\erin reg2.xps
[2011/04/26 19:55:49 | 002,945,485 | ---- | C] () -- C:\Users\SIR32\AppData\Local\tokensall.dat
[2011/04/26 19:55:49 | 000,143,360 | ---- | C] () -- C:\Users\SIR32\AppData\Local\PortQry.exe
[2011/04/26 19:55:49 | 000,052,704 | ---- | C] () -- C:\Users\SIR32\AppData\Local\regall.reg
[2011/04/26 19:55:49 | 000,049,377 | ---- | C] () -- C:\Users\SIR32\AppData\Local\ospp.vbs
[2011/04/26 19:55:49 | 000,033,019 | ---- | C] () -- C:\Users\SIR32\AppData\Local\slerror.xml
[2011/04/26 19:55:49 | 000,032,256 | ---- | C] () -- C:\Users\SIR32\AppData\Local\instsrv.exe
[2011/04/26 19:55:49 | 000,014,176 | ---- | C] () -- C:\Users\SIR32\AppData\Local\ospprearm.exe
[2011/04/26 19:55:49 | 000,008,192 | ---- | C] () -- C:\Users\SIR32\AppData\Local\srvany.exe
[2011/04/26 19:55:49 | 000,001,012 | ---- | C] () -- C:\Users\SIR32\AppData\Local\service.inf
[2011/04/26 19:55:49 | 000,000,796 | ---- | C] () -- C:\Users\SIR32\AppData\Local\hs_message.vbs
[2011/04/26 19:55:49 | 000,000,148 | ---- | C] () -- C:\Users\SIR32\AppData\Local\DisableService.reg
[2011/02/04 16:30:17 | 000,000,005 | ---- | C] () -- C:\Users\SIR32\AppData\Roaming\openList.awt
[2011/02/04 16:30:17 | 000,000,005 | ---- | C] () -- C:\Users\SIR32\AppData\Roaming\closedList.awt
[2010/11/28 09:55:38 | 002,217,088 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2010/11/28 09:55:38 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2010/11/28 09:55:37 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2010/11/28 09:55:37 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2010/11/28 09:55:37 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2010/11/28 08:57:01 | 000,000,017 | ---- | C] () -- C:\Users\SIR32\AppData\Local\resmon.resmoncfg
[2010/09/18 18:41:33 | 000,266,400 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010/09/18 18:41:32 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2010/09/18 18:41:32 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010/09/17 21:37:38 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/16 13:38:14 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/06/16 12:57:36 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2010/06/16 12:57:24 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
[2009/07/14 15:08:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 12:05:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 12:04:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 09:40:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:33:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/11 06:56:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/27 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\.minecraft
[2010/10/07 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\AVG10
[2011/05/19 21:31:58 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\IMSIDesign
[2010/09/17 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Leadertech
[2010/12/24 22:25:29 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Polynomial
[2010/09/17 20:18:07 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Sierra Wireless
[2011/03/06 22:49:52 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Toshiba
[2011/06/16 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\uTorrent
[2011/03/03 20:19:08 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\Vodafone
[2010/11/24 18:02:32 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\WildTangent
[2010/09/17 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\SIR32\AppData\Roaming\WinBatch
[2011/04/05 16:47:36 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


The run scan with the extra registry didn't produce a log file
thanks very much for your help
I thought my computer was pretty clean but obviously not
and could you please tell me what you're looking for in these logs to help me fix the computer in the future

Kind Regards
Jake
  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 23,181 posts
  • MVP
When you ran MBAM you missed a step:

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.


Please do it over. It mostly found adware but it did find a trojan:
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows86 (Trojan.Agent) -> Value: Windows86 -> No action taken."
"c:\Users\SIR32\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken."

I thought you would be clean too but you are not. The other checks will reveal other non-malware problems but I'm not seeing any.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
  • 0
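As an added example (not part of the original thread, and not how OTL or MBAM work internally): the kind of check a helper applies when reading the OTL file sections above is whether a file carrying a Windows system-binary name sits outside the system directories, and whether an executable with no company name sits in a user-writable folder. The name lists, folder lists and function names below are assumptions for illustration; the last sample line is constructed from the path in the MBAM finding.

```python
import re
from pathlib import PureWindowsPath

# OTL file-scan line: [timestamp | size | attrs | C/M] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")

# Assumed heuristics for this example (not OTL's own logic)
SYSTEM_NAMES = {"svchost.exe", "cscript.exe", "wscript.exe", "rundll32.exe", "lsass.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif"}

# First four lines are copied from the log in this thread; the last one is
# constructed (timestamp and size invented) from the path MBAM reported.
SAMPLE = r"""
[2011/04/26 19:55:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Users\SIR32\AppData\Local\cscript.exe
[2011/04/26 19:55:49 | 000,008,192 | ---- | C] () -- C:\Users\SIR32\AppData\Local\srvany.exe
[2011/06/17 21:04:44 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2011/06/04 20:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/17 20:00:00 | 000,010,000 | ---- | C] () -- C:\Users\SIR32\AppData\Local\Temp\svchost.exe
"""

def parse(line):
    """Return the fields of one file entry, or None for directories and non-entries."""
    m = OTL_LINE.match(line.strip())
    if not m or "D" in m["attrs"]:
        return None
    return m.groupdict()

def triage(lines):
    """Return (reason, path) pairs for entries worth a closer look."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        p = PureWindowsPath(rec["path"])
        parent, name = str(p.parent).lower(), p.name.lower()
        if name in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
            findings.append(("system-name-outside-system-dir", rec["path"]))
        elif (not rec["company"] and p.suffix.lower() in EXEC_EXT
              and any(d in parent + "\\" for d in USER_WRITABLE)):
            findings.append(("no-company-exe-in-user-dir", rec["path"]))
    return findings

if __name__ == "__main__":
    for reason, path in triage(SAMPLE.splitlines()):
        print(f"{reason:32} {path}")
```

A hit is a lead to check against what is installed on the machine, not a verdict: a company name in the log is only a string read from the file and can be copied by anyone.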

#5
sir32


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi Ron,
Scanned with malware again nothing came up.

scanned with online eset and nothing came up.

and I couldn't get bit defender to work.

any other ideas?

regards
Jake
  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 23,181 posts
  • MVP
Please post the latest MBAM log even if it says it found nothing.

Start, All Programs, then Accessories.
Right-click Command Prompt, and then click Run as administrator.
At the command prompt, type lodctr /r, and then press ENTER.

That should fix the one error we saw in the events log.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Check the Device Manager for problems:
(Start) then right-click on My Computer and select Manage. Then Device Manager.
Click on each of the + marks to open each item. Look for yellow marked items and
uninstall them or delete them and reboot. Do they come back with yellow marks?

Check for a bad program:
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. Type
msconfig
followed by an Enter.
Go to the Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time (and reboot) until you find the culprit.

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
  • 0





