IRP Hook Rootkit found by AVG

Posted 3 years, 338 days ago in Virus & Malware Removal by TJB60

This has cropped up lately and I don't think I have ever seen this report before.

"Detection name";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> SbCeCd.SYS +0x275C"

Does the "internal device control" reference suggest it might be something benign and on the system for a function?

OR it might not!

This is the only thing showing (except some tracking cookies from sites) and is not removed and healed by the AVG.

Help please

Thanks

TJB

RichieUK 36762 posts Moderators
Posted 3 years, 338 days ago

Welcome :)
If you require help please follow the steps in the link below.
READ AND FOLLOW THESE STEPS BEFORE POSTING:
http://tweaks.com/forum/Topic4303-29-1.aspx

TJB60 7 posts Forum Members
Posted 3 years, 338 days ago

Part one

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-25 10:13:52
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.12.0
Running: jr5p5vf1.exe; Driver: C:\Users\TREVOR~1\AppData\Local\Temp\fxrorpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x94F70780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x94F70830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x94F708D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x94F70970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A90599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB4F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82ABC9F8 4 Bytes [80, 07, F7, 94] {ADD BYTE [EDI], 0xf7; XCHG ESP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82ABCCC8 8 Bytes [30, 08, F7, 94, D0, 08, F7, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82ABCD3C 4 Bytes [70, 09, F7, 94]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88DA2000, 0x3C849, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88DE7000, 0x3DC, 0x48000040]
? C:\Windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] ole32.dll!OleLoadFromStream 76835BF6 5 Bytes JMP 5E97F621 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!CreateWindowExW 75F90E51 5 Bytes JMP 6BFB818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamW 75FB4AA7 5 Bytes JMP 6C0DFE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamW 75FB564A 5 Bytes JMP 6BED4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamA 75FCCF6A 5 Bytes JMP 6C0DFE0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamA 75FCD29C 5 Bytes JMP 6C0DFED3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectA 75FDE8C9 5 Bytes JMP 6C0DFDA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectW 75FDE9C3 5 Bytes JMP 6C0DFD37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExA 75FDEA29 5 Bytes JMP 6C0DFCD5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExW 75FDEA4D 5 Bytes JMP 6C0DFC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!UnhookWindowsHookEx 75F8CC7B 5 Bytes JMP 6BFC83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CallNextHookEx 75F8CC8F 5 Bytes JMP 6BFA9D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateWindowExW 75F90E51 5 Bytes JMP 6BFB818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!SetWindowsHookExW 75F9210A 5 Bytes JMP 6BF64643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamW 75FB4AA7 5 Bytes JMP 6C0DFE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamW 75FB564A 5 Bytes JMP 6BED4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamA 75FCCF6A 5 Bytes JMP 6C0DFE0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamA 75FCD29C 5 Bytes JMP 6C0DFED3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectA 75FDE8C9 5 Bytes JMP 6C0DFDA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectW 75FDE9C3 5 Bytes JMP 6C0DFD37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExA 75FDEA29 5 Bytes JMP 6C0DFCD5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExW 75FDEA4D 5 Bytes JMP 6C0DFC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!OleLoadFromStream 76835BF6 5 Bytes JMP 6C0E01C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!CoCreateInstance 7688590C 5 Bytes JMP 6BFB8C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!UnhookWindowsHookEx 75F8CC7B 5 Bytes JMP 6BFC83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!CallNextHookEx 75F8CC8F 5 Bytes JMP 6BFA9D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!CreateWindowExW 75F90E51 5 Bytes JMP 6BFB818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!SetWindowsHookExW 75F9210A 5 Bytes JMP 6BF64643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!DialogBoxIndirectParamW 75FB4AA7 5 Bytes JMP 6C0DFE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!DialogBoxParamW 75FB564A 5 Bytes JMP 6BED4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!DialogBoxParamA 75FCCF6A 5 Bytes JMP 6C0DFE0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!DialogBoxIndirectParamA 75FCD29C 5 Bytes JMP 6C0DFED3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!MessageBoxIndirectA 75FDE8C9 5 Bytes JMP 6C0DFDA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!MessageBoxIndirectW 75FDE9C3 5 Bytes JMP 6C0DFD37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!MessageBoxExA 75FDEA29 5 Bytes JMP 6C0DFCD5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] USER32.dll!MessageBoxExW 75FDEA4D 5 Bytes JMP 6C0DFC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] ole32.dll!OleLoadFromStream 76835BF6 5 Bytes JMP 6C0E01C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4116] ole32.dll!CoCreateInstance 7688590C 5 Bytes JMP 6BFB8C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [61024F42] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1512] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [749C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

TJB60 7 posts Forum Members
Posted 3 years, 338 days ago


DDS (Ver_10-12-12.02) - NTFSx86
Run by Trevor Burridge at 10:19:26.49 on 25/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1913.648 [GMT 0:00]

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Unipass\Securemail Client\ppauxsrv.exe
C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Unipass\Securemail Client\ppSrv.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Unipass\Securemail Client\bin\TmecSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Unipass\Securemail Client\pptray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFHE.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Users\Trevor Burridge\Desktop\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ppBHOReader Class: {ac36ab03-0c7b-4363-a48e-342b7419337c} - c:\program files\unipass\securemail client\ppBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [EPSON BX310FN Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifhe.exe /fu "c:\windows\temp\E_S93E6.tmp" /EF "HKCU"
uRun: [EPSON7C56CF] c:\windows\system32\spool\drivers\w32x86\3\e_fatifhe.exe /fu "c:\windows\temp\E_S2980.tmp" /EF "HKCU"
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaReminder.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [SafeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "c:\program files\mcafee\endpoint encryption for pc\SbTokWatch.exe"
mRun: [SbCeCore] "c:\program files\mcafee\endpoint encryption for files and folders\SbCeCore.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Private Post Tray v4] "c:\program files\unipass\securemail client\ppTray.exe"
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: nationwide-intermediary.co.uk\www
Trusted Zone: uk.com\exweb.exchange
Trusted Zone: unipass.co.uk
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxps://download.yahoo.com/dl/installs/bt/yregucfg.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} - hxxp://exweb.exchange.uk.com/clientBinaries/VersionInfo.CAB
DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} - hxxp://exweb.exchange.uk.com/ClientBinaries/pvcalctl.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} - hxxp://exweb.exchange.uk.com/ClientBinaries/pvdate2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://exweb.exchange.uk.com/clientBinaries/pvdt70.CAB
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = SbNp scecli

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 MfeEERM;MfeEERM;c:\windows\system32\drivers\MfeEERM.sys [2009-11-30 157256]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2010-3-21 44976]
R0 SBAlg00;SBAlg00;c:\windows\system32\drivers\SbAlg00.sys [2009-6-4 7472]
R0 SBAlg01;SBAlg01;c:\windows\system32\drivers\SbAlg01.sys [2009-6-4 7728]
R0 SBAlg11;SBAlg11;c:\windows\system32\drivers\SbAlg11.sys [2009-6-4 22992]
R0 SBAlg12;SBAlg12;c:\windows\system32\drivers\SbAlg12.sys [2009-6-4 45040]
R0 SbCe;SbCe;c:\windows\system32\drivers\SbCe.sys [2009-11-30 502344]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-12-11 6496]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-12-11 33328]
R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-12-11 34480]
R1 SbRegFlt;SbRegFlt;c:\windows\system32\drivers\SbRegFlt.sys [2009-12-11 14664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 ppAuxSrv;ppAuxSrv;c:\program files\unipass\securemail client\ppauxsrv.exe [2010-9-14 91568]
R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-12-11 380988]
R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;c:\program files\mcafee\endpoint encryption for files and folders\SbCeCoreService.exe [2009-11-30 154440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-14 24064]
R3 ppSrv;ppSrv;c:\program files\unipass\securemail client\ppSrv.exe [2010-9-14 79256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-4 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
R3 SbCeCd;SbCeCd;c:\windows\system32\drivers\SbCeCd.sys [2009-11-30 84192]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-3-14 51512]
R3 TmecSrv;TmecSrv;c:\program files\unipass\securemail client\bin\TmecSrv.exe [2010-9-14 76176]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-5-11 124368]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]

=============== Created Last 30 ================

2011-01-22 10:52:50 -------- d-----w- c:\program files\Trend Micro
2011-01-20 16:22:45 -------- d-----w- c:\users\trevor~1\appdata\roaming\ieSpell
2011-01-20 16:22:17 -------- d-----w- c:\program files\ieSpell

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll

============= FINISH: 10:19:45.10 ===============

RichieUK 36762 posts Moderators
Posted 3 years, 338 days ago

**Important**
First of all, anyone else reading this topic other than the topic starter should read on.
Please note that some of the instructions given in this topic may be customized for this particular computer only, and could possibly cause problems if used on another computer with different issues.


OK, let's make a start:
If you don't know or understand anything posted by myself in this topic, please don't hesitate to ask, I'm here to help.
Please DO NOT run any other tools, fixes or scans etc. while I'm helping you, this could complicate the malware removal process.


Download MBRCheck to your desktop.
* Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
* It will show a black screen with some data on it.
* A report called MBRcheckxxxx.txt will be on your desktop.
* Open this report and post its content in your next reply.


* Please download TDSSKiller.zip and save it to your desktop.
* Extract the zip file to your desktop (Very important it's located there!).
* Click on Start > Run, copy and paste the following bold text into the "Open:" space, then press Enter:
"%userprofile%\desktop\tdsskiller.exe" -l report.txt
* When it's finished press any key to continue.
* If needed reboot the computer.
It will produce a text file (report.txt) on your desktop.
Post the entire contents of that file into your next reply.


Download Security Check by screen317 and save it to your Desktop.
Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.
Notepad should open a file named checkup.txt.
Copy and paste the entire contents of that file into your next reply.


**Important**
First backup the Windows Registry using Erunt by following the steps in the link below:
How to backup Windows Registry using ERUNT.

* Download OTL by OldTimer, saving it to your desktop.
* Close all open windows on the Task Bar.
* Double click on the OTL icon to run it; if running Vista or Win 7, right click on the icon and select 'Run as Administrator'.
* When the window appears, checkmark the boxes beside LOP Check and Purity Check.
* Under the Standard Registry box change it to All.
* Copy ALL the text in the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

netsvc
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

* Return to OTListIt, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
* Click the "Run Scan" button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Please copy and paste the entire contents of OTL.Txt and Extras.Txt into your next reply.


Post the following in your next reply:

The contents of MBRcheckxxxx.txt
The contents of report.txt from the TDSSKiller scan.
The contents of checkup.txt from the Security Check scan.
The contents of OTL.txt and Extras.txt

TJB60 7 posts Forum Members
Posted 3 years, 338 days ago

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite Pro L450
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 175):
0x82A13000 \SystemRoot\system32\ntkrnlpa.exe
0x82E23000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x88423000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8849B000 \SystemRoot\system32\PSHED.dll
0x884AC000 \SystemRoot\system32\BOOTVID.dll
0x884B4000 \SystemRoot\system32\CLFS.SYS
0x884F6000 \SystemRoot\system32\CI.dll
0x88616000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88695000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x886DD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x886E6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x886EE000 \SystemRoot\system32\DRIVERS\pci.sys
0x88718000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88723000 \SystemRoot\System32\drivers\partmgr.sys
0x88734000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8873C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88747000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88757000 \SystemRoot\System32\drivers\volmgrx.sys
0x887A2000 \SystemRoot\System32\drivers\mountmgr.sys
0x887B8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x887BF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8883C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x88916000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8891F000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88942000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8894C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88955000 \SystemRoot\System32\Drivers\SBAlg.sys
0x88960000 \SystemRoot\System32\Drivers\SBAlg00.sys
0x88962000 \SystemRoot\System32\Drivers\SBAlg01.sys
0x88964000 \SystemRoot\System32\Drivers\SBAlg11.sys
0x8896A000 \SystemRoot\System32\Drivers\SBAlg12.sys
0x88975000 \SystemRoot\system32\drivers\fltmgr.sys
0x889A9000 \SystemRoot\system32\drivers\fileinfo.sys
0x889BA000 \SystemRoot\System32\Drivers\MfeEERM.sys
0x88A1A000 \SystemRoot\System32\Drivers\SbCe.sys
0x88A93000 \SystemRoot\System32\Drivers\SbFsLock.sys
0x88A95000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88BC4000 \SystemRoot\System32\Drivers\msrpc.sys
0x88A00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x885A1000 \SystemRoot\System32\Drivers\cng.sys
0x88BEF000 \SystemRoot\System32\drivers\pcw.sys
0x889DF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88C2D000 \SystemRoot\system32\drivers\ndis.sys
0x88CE4000 \SystemRoot\system32\drivers\NETIO.SYS
0x88D22000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88D47000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x88D50000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88D8F000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88D94000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x88DDB000 \SystemRoot\System32\Drivers\spldr.sys
0x88DE3000 \SystemRoot\System32\Drivers\SafeBoot.sys
0x88C00000 \SystemRoot\System32\drivers\rdyboost.sys
0x889E8000 \SystemRoot\System32\Drivers\mup.sys
0x889F8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x887CD000 \SystemRoot\system32\DRIVERS\disk.sys
0x88E23000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88E48000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x88E4D000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x88F4F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88F6E000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x88F7A000 \SystemRoot\System32\Drivers\Null.SYS
0x88F81000 \SystemRoot\System32\Drivers\Beep.SYS
0x88F88000 \SystemRoot\System32\drivers\vga.sys
0x88F94000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x88FB5000 \SystemRoot\System32\drivers\watchdog.sys
0x88FC2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88FCA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88FD2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x88FDA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88FE5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DC05000 \SystemRoot\System32\drivers\tcpip.sys
0x8DD4E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8DD7F000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
0x8DD90000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DDA7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DDB2000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8E620000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E652000 \SystemRoot\system32\drivers\afd.sys
0x8E6AC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E6B3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E6D2000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E6E3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E6F1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E704000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E714000 \SystemRoot\System32\Drivers\SbRegFlt.SYS
0x8E71B000 \SystemRoot\System32\Drivers\SbFlop.SYS
0x8E724000 \SystemRoot\System32\Drivers\RsvLock.SYS
0x8E72D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E76E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E778000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E782000 \SystemRoot\System32\drivers\discache.sys
0x8E78E000 \SystemRoot\system32\drivers\csc.sys
0x8E600000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E7F2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F206000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8F242000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FC20000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90247000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x902FE000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90337000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90342000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9038D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9039C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x903BB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x8F263000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x903E7000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x903F1000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8FC0A000 \SystemRoot\System32\Drivers\SbCeCd.SYS
0x8F377000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F37D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F38F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8F39C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8F3AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F3C6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F3D1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x887DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F3F3000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x88FF3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88600000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x903FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F42C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F460000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F46E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F4B2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90415000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x906B1000 \SystemRoot\system32\drivers\portcls.sys
0x906E0000 \SystemRoot\system32\drivers\drmk.sys
0x906F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x906FD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90715000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90748000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9074A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90761000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90785000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x9078B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F4C3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x90798000 \SystemRoot\System32\Drivers\dump_SbHiber.sys
0x90799000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95980000 \SystemRoot\System32\win32k.sys
0x907AA000 \SystemRoot\System32\drivers\Dxapi.sys
0x907B4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95BE0000 \SystemRoot\System32\TSDDD.dll
0x95820000 \SystemRoot\System32\cdd.dll
0x907BF000 \SystemRoot\system32\drivers\luafv.sys
0x907DA000 \SystemRoot\system32\drivers\WudfPf.sys
0x90400000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F59D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F5E3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F400000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x907F4000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x88E56000 \SystemRoot\system32\drivers\HTTP.sys
0x8F413000 \SystemRoot\system32\DRIVERS\bowser.sys
0x88EDB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x88EED000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x88F10000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98E25000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98E58000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x98E61000 \SystemRoot\system32\drivers\peauth.sys
0x98EF8000 \SystemRoot\System32\Drivers\fastfat.SYS
0x98F22000 \SystemRoot\System32\Drivers\secdrv.SYS
0x98F2C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98F4D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x98F5A000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x98F64000 \SystemRoot\System32\DRIVERS\srv2.sys
0x98FB3000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x98035000 \SystemRoot\System32\DRIVERS\srv.sys
0x77520000 \Windows\System32\ntdll.dll
0x48370000 \Windows\System32\smss.exe
0x77760000 \Windows\System32\apisetschema.dll

Processes (total 98):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
412 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
612 csrss.exe
668 C:\Windows\System32\wininit.exe
680 csrss.exe
736 C:\Windows\System32\winlogon.exe
764 C:\Windows\System32\services.exe
772 C:\Windows\System32\lsass.exe
780 C:\Windows\System32\lsm.exe
920 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\spoolsv.exe
1660 C:\Windows\System32\svchost.exe
1736 C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
1784 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1808 C:\Program Files\AVG\AVG10\avgfws.exe
1832 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1852 C:\Program Files\Bonjour\mDNSResponder.exe
1888 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
1924 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
464 C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe
752 C:\Windows\System32\svchost.exe
568 C:\Windows\System32\TODDSrv.exe
1572 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2104 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2188 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2532 WmiPrvSE.exe
2640 C:\Program Files\AVG\AVG10\avgam.exe
2676 C:\Windows\System32\taskhost.exe
2732 C:\Program Files\AVG\AVG10\avgnsx.exe
3008 C:\Windows\System32\dwm.exe
3056 C:\Windows\explorer.exe
3308 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
3324 C:\Program Files\Toshiba TEMPRO\TemproTray.exe
3332 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
3340 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
3352 C:\Windows\System32\igfxtray.exe
3368 C:\Windows\System32\hkcmd.exe
3376 C:\Windows\System32\igfxpers.exe
3384 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
3392 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3764 C:\Windows\System32\svchost.exe
3816 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3844 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3852 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3868 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3876 C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
3884 C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
3892 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3908 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
3924 C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
3932 C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
4040 C:\Windows\System32\igfxsrvc.exe
4048 C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe
2788 C:\Program Files\iTunes\iTunesHelper.exe
3076 C:\Program Files\AVG\AVG10\avgtray.exe
3272 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFHE.EXE
2452 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4332 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4356 C:\Windows\System32\conhost.exe
4432 C:\Windows\System32\igfxext.exe
4556 C:\Program Files\iPod\bin\iPodService.exe
4752 C:\Windows\System32\SearchIndexer.exe
4988 C:\Windows\System32\svchost.exe
5012 C:\Windows\System32\taskeng.exe
5104 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
5316 C:\Program Files\Internet Explorer\iexplore.exe
5556 C:\Windows\System32\svchost.exe
5728 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
5796 C:\Program Files\AVG\AVG10\avgcsrvx.exe
6000 C:\Program Files\Internet Explorer\iexplore.exe
4840 dllhost.exe
5468 C:\Program Files\Windows Media Player\wmpnetwk.exe
4972 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
4084 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
5712 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
3520 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
1972 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
4188 C:\Program Files\Unipass\Securemail Client\bin\TmecSrv.exe
2500 C:\Program Files\Unipass\Securemail Client\bin\ppauxsrv.exe
1796 C:\Program Files\Unipass\Securemail Client\bin\ppSrv.exe
5812 C:\Program Files\Unipass\Securemail Client\bin\pptray.exe
5328 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
1288 C:\Program Files\AVG\AVG10\avgcsrvx.exe
6016 C:\Windows\System32\audiodg.exe
1252 C:\Windows\System32\SearchFilterHost.exe
3208 C:\Program Files\Internet Explorer\iexplore.exe
4008 C:\Windows\System32\SearchProtocolHost.exe
3252 C:\Users\Trevor Burridge\Desktop\MBRCheck.exe
3280 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`35600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-26ZCT0, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 9D43B6B8B72E6816F8B088135E02D21E2F936AFD


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

I did enter 3 and exit

TJB60 7 posts Forum Members
Posted 3 years, 338 days ago

2011/01/25 13:01:59.0991 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 13:01:59.0991 ================================================================================
2011/01/25 13:01:59.0991 SystemInfo:
2011/01/25 13:01:59.0991
2011/01/25 13:01:59.0991 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/25 13:01:59.0991 Product type: Workstation
2011/01/25 13:01:59.0991 ComputerName: WORKTOSHIBA
2011/01/25 13:01:59.0991 UserName: Trevor Burridge
2011/01/25 13:01:59.0991 Windows directory: C:\Windows
2011/01/25 13:01:59.0991 System windows directory: C:\Windows
2011/01/25 13:01:59.0991 Processor architecture: Intel x86
2011/01/25 13:01:59.0991 Number of processors: 1
2011/01/25 13:01:59.0991 Page size: 0x1000
2011/01/25 13:01:59.0991 Boot type: Normal boot
2011/01/25 13:01:59.0991 ================================================================================
2011/01/25 13:02:00.0318 Initialize success
2011/01/25 13:05:43.0942 ================================================================================
2011/01/25 13:05:43.0942 Scan started
2011/01/25 13:05:43.0942 Mode: Manual;
2011/01/25 13:05:43.0942 ================================================================================
2011/01/25 13:05:51.0836 ================================================================================
2011/01/25 13:05:51.0836 Scan finished
2011/01/25 13:05:51.0836 ================================================================================

TJB60 7 posts Forum Members
Posted 3 years, 338 days ago

Results of screen317's Security Check version 0.99.8
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
McAfee Endpoint Encryption for Files and Folders
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 14
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

RichieUK 36762 posts Moderators
Posted 3 years, 338 days ago

Post the contents of OTL.txt and Extras.txt from the OTL scan please.

TJB60 7 posts Forum Members
Posted 3 years, 338 days ago

OTL logfile created on: 1/25/2011 1:15:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Trevor Burridge\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 91.47 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 110.41 Gb Free Space | 95.14% Space Free | Partition Type: NTFS

Computer Name: WORKTOSHIBA | User Name: Trevor Burridge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/25 13:14:23 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor Burridge\Desktop\OTL.exe
PRC - [2011/01/25 13:11:43 | 000,879,047 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\SecurityCheck.exe
PRC - [2011/01/17 11:30:52 | 000,076,648 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Unipass\Securemail Client\bin\TmecSrv.exe
PRC - [2011/01/17 11:15:36 | 000,344,400 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Unipass\Securemail Client\bin\pptray.exe
PRC - [2011/01/17 11:15:18 | 000,110,928 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Unipass\Securemail Client\bin\ppSrv.exe
PRC - [2011/01/17 11:10:28 | 000,161,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Unipass\Securemail Client\bin\ppauxsrv.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/01 04:14:46 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/11 08:41:08 | 001,050,072 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2009/12/11 09:15:30 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
PRC - [2009/12/11 09:14:43 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
PRC - [2009/11/30 09:43:50 | 000,277,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe
PRC - [2009/11/30 09:43:47 | 000,154,440 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/02 14:41:34 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2009/08/19 13:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2009/08/17 10:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/08/11 11:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 14:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/06 12:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/08/05 14:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 14:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 17:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 11:24:24 | 000,134,032 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
PRC - [2009/07/28 21:12:56 | 007,625,248 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/13 15:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/05/19 16:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/03/24 02:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/11/17 06:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFHE.EXE
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/25 13:14:23 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor Burridge\Desktop\OTL.exe
MOD - [2011/01/17 11:15:48 | 000,056,656 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Unipass\Securemail Client\bin\PPTrayHk.dll
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/17 11:30:52 | 000,076,648 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Unipass\Securemail Client\bin\TmecSrv.exe -- (TmecSrv)
SRV - [2011/01/17 11:15:18 | 000,110,928 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Unipass\Securemail Client\bin\ppSrv.exe -- (ppSrv)
SRV - [2011/01/17 11:10:28 | 000,161,616 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Unipass\Securemail Client\bin\ppauxsrv.exe -- (ppAuxSrv)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/11/02 04:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/16 13:03:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/11 08:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/11 09:14:43 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2009/11/30 09:43:47 | 000,154,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe -- (SbCeCoreService)
SRV - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 14:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/04/26 16:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/21 10:45:41 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SBAlg)
DRV - [2009/12/11 09:13:32 | 000,014,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbRegFlt.sys -- (SbRegFlt)
DRV - [2009/12/11 09:13:24 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/12/11 09:13:18 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2009/12/11 09:13:07 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2009/12/11 09:12:38 | 000,103,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/30 09:43:52 | 000,502,344 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbCe.sys -- (SbCe)
DRV - [2009/11/30 09:43:28 | 000,157,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MfeEERM.sys -- (MfeEERM)
DRV - [2009/11/30 09:43:27 | 000,084,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbCeCd.sys -- (SbCeCd)
DRV - [2009/08/27 08:00:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/30 20:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/28 21:02:42 | 002,735,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/24 15:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/20 17:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/04 11:32:52 | 000,022,992 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg11.sys -- (SBAlg11)
DRV - [2009/06/04 11:32:52 | 000,007,472 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg00.sys -- (SBAlg00)
DRV - [2009/06/04 11:32:51 | 000,045,040 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg12.sys -- (SBAlg12)
DRV - [2009/06/04 11:32:50 | 000,007,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg01.sys -- (SBAlg01)
DRV - [2009/05/22 21:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 09:10:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ppBHOReader Class) - {AC36AB03-0C7B-4363-A48E-342B7419337C} - C:\Program Files\Unipass\Securemail Client\bin\ppBHO.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Private Post Tray v4] C:\Program Files\Unipass\Securemail Client\bin\ppTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SbCeCore] C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [EPSON BX310FN Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFHE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON7C56CF] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFHE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Trevor Burridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: nationwide-intermediary.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: uk.com ([exweb.exchange] http in Trusted sites)
O15 - HKCU\..Trusted Domains: uk.com ([exweb.exchange] https in Trusted sites)
O15 - HKCU\..Trusted Domains: unipass.co.uk ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: unipass.co.uk ([]https in Trusted sites)
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} https://download.yahoo.com/dl/installs/bt/yregucfg.cab (RegUserCfgUI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} http://exweb.exchange.uk.com/clientBinaries/VersionInfo.CAB (VersionInfo.clsVersionInfo)
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} http://exweb.exchange.uk.com/ClientBinaries/pvcalctl.cab (ProtoView Calendar Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} http://exweb.exchange.uk.com/ClientBinaries/pvdate2.cab (ProtoView Date Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} http://exweb.exchange.uk.com/clientBinaries/pvdt70.CAB (ProtoView DataTable Control 7.0 (OLEDB))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/01/25 13:14:17 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\Trevor Burridge\Desktop\OTL.exe
[2011/01/25 13:05:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/25 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/25 13:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/25 13:03:32 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Trevor Burridge\Desktop\erunt-setup.exe
[2011/01/25 13:00:26 | 000,000,000 | ---D | C] -- C:\Users\Trevor Burridge\Desktop\tdsskiller
[2011/01/25 11:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unipass Securemail Client
[2011/01/25 11:31:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/22 19:39:18 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Trevor Burridge\Desktop\TDSSKiller.exe
[2011/01/22 10:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/20 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Trevor Burridge\AppData\Roaming\ieSpell
[2011/01/20 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2011/01/18 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\Trevor Burridge\Desktop\Hamblion
[2011/01/18 11:13:11 | 000,000,000 | ---D | C] -- C:\Users\Trevor Burridge\Desktop\Work Related Draft Letters
[2011/01/13 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\Trevor Burridge\Desktop\Parker Hornchurch
[2011/01/12 08:22:24 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 08:22:17 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/12 08:22:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/12 08:22:16 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/01/12 08:22:16 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/12 08:22:16 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/12 08:22:16 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/12 08:22:16 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/12 08:22:16 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/12 08:22:16 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/01/12 08:22:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/12 08:22:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/12 08:22:16 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/25 13:14:23 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor Burridge\Desktop\OTL.exe
[2011/01/25 13:11:43 | 000,879,047 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\SecurityCheck.exe
[2011/01/25 13:03:59 | 000,001,081 | ---- | M] () -- C:\Users\Trevor Burridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/25 13:03:51 | 000,000,901 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\NTREGOPT.lnk
[2011/01/25 13:03:51 | 000,000,882 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\ERUNT.lnk
[2011/01/25 13:03:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Trevor Burridge\Desktop\erunt-setup.exe
[2011/01/25 13:00:30 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Trevor Burridge\Desktop\TDSSKiller.exe
[2011/01/25 12:59:43 | 001,237,433 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\tdsskiller.zip
[2011/01/25 12:56:54 | 000,080,384 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\MBRCheck.exe
[2011/01/25 12:38:33 | 000,017,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 12:38:33 | 000,017,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 11:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/25 11:29:07 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/25 11:27:34 | 000,063,488 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Vince and Jane DRAFT Suit Letter.doc
[2011/01/25 10:17:57 | 000,624,128 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\dds.com
[2011/01/25 10:02:09 | 000,296,448 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\jr5p5vf1.exe
[2011/01/25 09:25:46 | 104,840,651 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/01/25 09:25:46 | 000,644,059 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/01/24 19:22:14 | 000,043,193 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Hannah and Tim.pdf
[2011/01/24 11:39:08 | 000,020,480 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\The Freedom of Information Act.doc
[2011/01/24 11:08:36 | 000,096,166 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/01/22 11:31:11 | 000,000,904 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\AVG Rootkit search file.csv
[2011/01/20 22:31:23 | 000,050,176 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Gateway_LOA_for_Schemes[1].doc
[2011/01/20 22:31:02 | 000,121,856 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Gateway_Letter_of_Authority_(Insurance_Company)[1].doc
[2011/01/20 22:30:31 | 000,040,960 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Customer_Due_Diligence_Form[1].doc
[2011/01/19 10:48:42 | 000,108,544 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Keyfacts about our services Mr and Mrs Green.doc
[2011/01/18 16:06:58 | 000,188,928 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Phill Hewetson Change of Address.DOC
[2011/01/18 11:57:57 | 000,050,176 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Mark and Carioline Life Cover shortfall.doc
[2011/01/13 15:43:31 | 000,021,352 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Nationwide 5 Year Fixed rate 30 years.pdf
[2011/01/13 15:43:02 | 000,022,097 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Woolwich Lifetime Tracker 30 yrs.pdf
[2011/01/12 11:43:08 | 000,082,038 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Skipton Bond.pdf
[2010/12/30 11:16:54 | 000,055,806 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Phil 2 year tracker £80000.pdf
[2010/12/30 11:14:44 | 000,055,876 | ---- | M] () -- C:\Users\Trevor Burridge\Desktop\Phil 3 year Tracker £80000.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/25 13:11:33 | 000,879,047 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\SecurityCheck.exe
[2011/01/25 13:03:59 | 000,001,081 | ---- | C] () -- C:\Users\Trevor Burridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/25 13:03:51 | 000,000,901 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\NTREGOPT.lnk
[2011/01/25 13:03:51 | 000,000,882 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\ERUNT.lnk
[2011/01/25 12:59:43 | 001,237,433 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\tdsskiller.zip
[2011/01/25 12:56:48 | 000,080,384 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\MBRCheck.exe
[2011/01/25 10:17:52 | 000,624,128 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\dds.com
[2011/01/25 10:02:08 | 000,296,448 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\jr5p5vf1.exe
[2011/01/24 19:22:14 | 000,043,193 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Hannah and Tim.pdf
[2011/01/24 11:39:07 | 000,020,480 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\The Freedom of Information Act.doc
[2011/01/22 11:31:11 | 000,000,904 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\AVG Rootkit search file.csv
[2011/01/20 22:31:22 | 000,050,176 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Gateway_LOA_for_Schemes[1].doc
[2011/01/20 22:31:02 | 000,121,856 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Gateway_Letter_of_Authority_(Insurance_Company)[1].doc
[2011/01/20 22:30:31 | 000,040,960 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Customer_Due_Diligence_Form[1].doc
[2011/01/19 10:48:42 | 000,108,544 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Keyfacts about our services Mr and Mrs Green.doc
[2011/01/19 10:30:39 | 000,063,488 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Vince and Jane DRAFT Suit Letter.doc
[2011/01/18 16:06:58 | 000,188,928 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Phill Hewetson Change of Address.DOC
[2011/01/18 11:57:56 | 000,050,176 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Mark and Carioline Life Cover shortfall.doc
[2011/01/13 15:43:31 | 000,021,352 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Nationwide 5 Year Fixed rate 30 years.pdf
[2011/01/13 15:43:02 | 000,022,097 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Woolwich Lifetime Tracker 30 yrs.pdf
[2011/01/12 11:43:08 | 000,082,038 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Skipton Bond.pdf
[2010/12/30 11:16:54 | 000,055,806 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Phil 2 year tracker £80000.pdf
[2010/12/30 11:14:44 | 000,055,876 | ---- | C] () -- C:\Users\Trevor Burridge\Desktop\Phil 3 year Tracker £80000.pdf
[2010/10/12 12:31:04 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2010/06/16 11:51:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/16 11:51:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/16 11:50:31 | 001,323,098 | ---- | C] () -- C:\Windows\System32\MBLKeyHook.dll
[2010/06/16 11:50:31 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2010/06/16 11:50:30 | 000,000,305 | ---- | C] () -- C:\Windows\System32\Install.ini
[2010/06/16 11:50:30 | 000,000,260 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2010/06/16 11:50:23 | 000,663,552 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2010/06/16 11:50:19 | 000,377,856 | ---- | C] () -- C:\Windows\System32\tx32.dll
[2010/06/15 15:16:22 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010/06/15 15:11:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS71.DLL
[2010/03/14 10:38:59 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/12/11 09:12:38 | 000,103,760 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2009/09/04 09:39:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/04 09:39:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========

[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys


[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys


[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll


[2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys


[2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys


[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll


[2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys


[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll




[2009/07/14 01:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 01:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2009/12/11 09:12:38 | 000,103,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SafeBoot.sys

========== Files - Unicode (All) ==========
[2011/01/19 14:13:45 | 000,000,000 | ---D | M](C:\Users\Trevor Burridge\Desktop\?Vince and Jane Remortgage) -- C:\Users\Trevor Burridge\Desktop\‌Vince and Jane Remortgage
[2010/12/21 14:29:31 | 000,000,000 | ---D | C](C:\Users\Trevor Burridge\Desktop\?Vince and Jane Remortgage) -- C:\Users\Trevor Burridge\Desktop\‌Vince and Jane Remortgage




OTL Extras logfile created on: 1/25/2011 1:15:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Trevor Burridge\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 91.47 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 110.41 Gb Free Space | 95.14% Space Free | Partition Type: NTFS

Computer Name: WORKTOSHIBA | User Name: Trevor Burridge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B06D4123-8026-4558-AD43-E9F5E2D71DC0}" = Unipass Securemail Client
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D06C8513-EA0A-4F63-9108-C29F2088D707}" = The Key
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D809EE46-E653-453E-B228-1337A12CCFD5}" = IQ4
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON BX310FN Series" = EPSON BX310FN Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Exweb v6.02" = Exweb v6.02
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ieSpell" = ieSpell
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"McAfee Endpoint Encryption for Files and Folders" = McAfee Endpoint Encryption for Files and Folders
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mortgage brain" = mortgage brain
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2011 2:10:47 PM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/2/2011 6:04:33 AM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/3/2011 8:46:53 AM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/5/2011 6:02:33 AM | Computer Name = Worktoshiba | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e34 Start
Time: 01cbacbf1dc6f54c Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: dd67941f-18b2-11e0-a19c-705ab681b920

Error - 1/7/2011 8:14:49 AM | Computer Name = Worktoshiba | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'TmecSrv' could not be restarted.

Error - 1/7/2011 9:27:36 AM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/11/2011 11:04:02 AM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/11/2011 3:30:27 PM | Computer Name = Worktoshiba | Source = Application Error | ID = 1000
Description = Faulting application name: WINWORD.EXE, version: 11.0.8328.0, time
stamp: 0x4c717ed1 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0002fc77 Faulting process
id: 0x704 Faulting application start time: 0x01cbb1c5f9e05322 Faulting application
path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 3e164563-1db9-11e0-a252-705ab681b920

Error - 1/12/2011 9:14:59 AM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/14/2011 11:27:12 AM | Computer Name = Worktoshiba | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 1/15/2011 5:00:31 PM | Computer Name = Worktoshiba | Source = DCOM | ID = 10016
Description =

Error - 1/16/2011 5:24:04 AM | Computer Name = Worktoshiba | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/16/2011 5:24:32 AM | Computer Name = Worktoshiba | Source = DCOM | ID = 10016
Description =

Error - 1/17/2011 6:38:50 AM | Computer Name = Worktoshiba | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/17/2011 6:39:12 AM | Computer Name = Worktoshiba | Source = DCOM | ID = 10016
Description =

Error - 1/18/2011 6:38:03 AM | Computer Name = Worktoshiba | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/18/2011 6:38:14 AM | Computer Name = Worktoshiba | Source = DCOM | ID = 10016
Description =

Error - 1/19/2011 4:41:00 AM | Computer Name = Worktoshiba | Source = Service Control Manager | ID = 7038
Description = The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with
the currently configured password due to the following error: %%1352 To ensure that
the service is configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error - 1/19/2011 5:26:41 AM | Computer Name = Worktoshiba | Source = DCOM | ID = 10016
Description =

Error - 1/20/2011 5:27:35 AM | Computer Name = Worktoshiba | Source = DCOM | ID = 10016
Description =





Good luck and thanks

RichieUK 36762 posts Moderators
Posted 3 years, 338 days ago

Download TFC by OldTimer to your Desktop.
* Please double-click TFC.exe to run it. If you're running Windows Vista, right-click on TFC.exe and click on "Run as Administrator".
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Let it run uninterrupted until it's finished.
* Once it's finished it should reboot your machine. If it doesn't, please manually restart the PC to ensure a complete cleanup.


Please download Malwarebytes Anti-Malware from Here or Here.
Double Click mbam-setup.exe to install the application.
(If using Windows Vista/Windows 7, be sure to "Run As Administrator").

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click "Scan".
* Make sure ALL partitions/hard drives are selected in the opening box, then click "Start Scan".
* The scan will certainly take some time to finish so please be patient.
* When the scan is complete, click OK, then click Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run F-Secure Online Scanner.
Note:
If you are using Windows Vista/Win 7, open your web browser by right-clicking on its icon and select "Run as administrator" to perform this scan.

Before you can start scanning your computer, you need to install the F-Secure Online Scanner add-on for your browser.

* First read the licence terms on the opening page, then place a check in the box "I have read and accepted the license terms", then click on "Install".
* Install the 'Add On' when prompted, then click Start.
* Then click to select Full Scan.
* Then click on "Start"; the "Downloading files.." window will appear.
* Once the files have installed, the scan will then start automatically and will take some time to finish, so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.
* Click the Full Report button then copy and paste the entire report into your next reply.


Also let me know how your pc is running now.
