Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Bonfire!!


  • This topic is locked This topic is locked
48 replies to this topic

#1 Robot Artist Ingenue

Robot Artist Ingenue

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 17 July 2012 - 08:06 PM

Hello, League of Extra-Ordinary Helpers;

Help me get back my computer/life/art/thesis-proposal back?

On July 11th, my computer was contracted with what appears to be a whole ecosystem of Malware(s).
This little machine is home to a specialty software and a number of important, un-backed-up files regarding my incomplete thesis work, which I need to submit in about ten days; therefore I cannot format it.

Being as computer-illiterate as I am, I spent the last days finding out about and -unsuccessfully- trying out a number of scanners, removal tools, etc.

Nothing helps. Maybe you will?

Please find a chronological list of symptoms, clues and complications below. (Please forgive me if it's too detailed or not detailed enough. I really am computer-illiterate, and have never been infected before) (-- Pasted far below: a dds log)

Thank you for reading.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Toshiba Satellite, Win 7 64 bit

1) Last week today - Just as I'm about to wrap up work and shut down, a Windows screen pops up; an .exe I don't recognize wants to make a change to my user settings, I decline, get suspicious, Power off. (Note - There was a Windows Update Scheduled)

2) Next morning - I turn on my computer, the same .exe (nestled under C:\Windows\Users\MyUserName) keeps wanting to make changes to my HDD. I decline..decline...it won't go away. I download and run AVG (Full Scan) -- It finds 4 Trojans, can cure 2 of them, vaults the other two. The Resident Shield warns me of various Tracking Cookies of Ads.Yieldmanager family, and another that I haven't taken a note of. (Password-snatching kind.)

3) Simultaneously, little ad windows pop up on the right below corner of my browser. (Firefox) However, the same stuff happens in Opera too, so I figure that it's a bigger problem.

4) Given AVG hasn't really spotted the first unknown .exe, I test it using Jotti's and Virus Total (which I discover, thanks to BleepingComputer!) They both monitor the .exe to be infectious. (At that point I still wasn't smart enough to take notes.)

5) I download and run Webroot SecureAnywhere Endpoint Protection - It finds and vaults the .exe. But the YieldManager troubles won't go away.

6) I try MalwareBytes to no avail. Uninstall it. Try IO Bits - doesn't help. I uninstall it. Reboot. (Note - There was another Windows Update Scheduled at that point)
and BAAAAAM..

7) My Desktop is gone. (My Desktop is 'Being Updated')....no icons..no task bar..I wait around, no life signs, task manager doesn't start, I Power Off.

8) In Safe Mode, I run the previous anti-virus programs again - no help. I try BitDefender Online Scanner - No luck. I restore the system to 2 days ago - no luck.

9) Again in Safe Mode, I download & run Kaspersky Virus Removal Tool (no luck), SmitFraudFix -- It terminates when I 'Search'. I choose to 'Clean' the next time. It processes. I reboot...and

10) In Normal Mode, the Taskbar returns - but with no functionality.

11) Back to the Safe Mode - I Back Up some files (Not realizing that all I'm doing is infecting my external hard drive and some usb sticks), take a Windows Image on a CD, run all of the above programs again (except for IO Bits) - Nothing. (I realize that while AVG scans in Command Line mode, it skips a lot of files/folders, as they are 'Locked' - These include seemingly mundane folders like 'My Documents', 'My Pictures'...and also, bigger sounding files like C:\hiberfil.sys or C:\Pagefile.sys)

12) Hopeless, I download and try the following programs in Safe Mode, to no avail -- on top running the previous ones (again and again): Trend
Micro's Housecall Online (Quick Scan/Full Scan), Microsoft Security Scanner, Eset Rogue Application Remover, Eset Smart Scan 5 (The online download will terminate, the offline download won't work as .msi won't function in Safe Mode), Rkill (under different aliases, repeatedly - won't find any malicious processes), Kaspersky TDDSKiller (multiple times)

13) In safe mode, I try Dr WebCureIt and get two warnings -- 'HOSTS file modified' (? Sounds too complicated, I don't dare act upon it), and, it's found a Killproc.7 - Frustrated, I erase it.

14) But right after that, I notice that some unfamiliar lines appear in AVG command line searches (--so perhaps it was a mistake to erase the Killproc?) -- "C:\Windows\Syswow64\ctfmon.exe File is running from an improper path." ".....<2904> File is running from an improper", etc...

15) In Safe Mode, I try SpyBot S&D - It communicates the warning - 'MS Windows Active Desktop Registry Change' (4 of them) (I leave those as they are)

16) At some point I try Avast! - bingo - It finds a Win32:Adware-gen, as the file - C:Windows\Users\Public\Documents\Regression-Analysis-Count.exe -- It vaults the .exe. I reboot and..

17) The Desktop Icons return - with No functionality....but they come alive after I try Task Manager. I run AVG. It finds some Rootkits -- before it terminates. (This happens after I pop open a Firefox browser on a whim...)

18) Back to the Safe Mode, I try another round of Spybot --- The same Windows Active Desktop Changed Settings warnings and A Tracking Cookie - Right Media (I delete it.)

19) Normal mode is back to blank desktop again...(After trying everything else...all of the above programs again...) I try ESET Online Scanner - It finds a win32/Toolbar.Zugo Application under D:downloads\setup.exe (this is the folder I've saved most of the above mentioned tools in....I guess it also means that the infection has taken over the D:drive ??) -- Eset 'cleared' it by deleting-quarantining it.

20) Normal Mode nonfunctional again, I try almost all of the programs again - Nothing finds anything anymore. I've additionaly tried McAfee Rootkit Scanner (Nope), Saphos can't work as it's an .msi file and doesn't work in Safe Mode, tried GMER (even though I knew it wouldn't work)...even tried Unhide.exe, just to be a little more optimistic ("my desktop is missing because my infections are maybe gone, la la la")

CURRENT SITUATION: Computer only really functioning in Safe Mode. The ad pop ups (right below corner) rage on. The system takes a very long time to boot. (Did I even need to mention that?! :-D)

COMPLICATIONS: 1) BACK UP: Given it all seems to be infected, do you think my 'back up' drive/usbs are infected too? In that case, I am in real deep trouble. (I don't dare log on to any pages with a password on my infected computer, therefore e-mailing myself some individual, critical files is probably out of question too?) (currently reporting from a borrowed computer) 2) SPECIALTY SOFTWARE: I have no means of reinstalling or reactivating the specialty software in my system; which I need to finish and submit my work. When I try to open it in Safe Mode, it asks me to activate it...do you think it will return to normal once I can -hopefully- return to working in normal mode?

What do you think, Doctors? Can my baby (and/or my work and...errr...future) survive?
Can we barbecue some serious malware-ass together?
Please let me know.
Thank you for reading..

ps - I am in time zone GMT +2 - any possible delay in my response will solely be due to the time difference.


-------------------------------------------------------------------------------------------------------------------
DDS LOG FOLLOWS
-------------------------------------------------------------------------------------------------------------------

Reporting Live from the infection site...

Please find the latest DDS log below.
Thank you very much for your time and energy...

---------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Toshıba at 4:15:41 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1254.90.1055.18.2937.2372 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WRSA.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Toshıba\Desktop\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\TOSHBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\ArcSoft\MediaConverter 3\Monitor.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Free YouTube Download - C:\Users\Toshıba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Microsoft Excel'e &Ver - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{0A9DC337-1B13-4275-94DC-8C84C83CBC98} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\149627F63707F6478245865684F6573756341666560294374796E6975692 : DhcpNameServer = 195.175.39.39 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\4545E454450275966496 : DhcpNameServer = 192.168.24.10
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\A5978554C4 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{11222041-111B-46E3-BD29-EFB2449479B1}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9519AF7E-638D-4933-BAD6-D33D23C79FE5}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{F301665A-12F8-4331-804A-5BCBD379668C}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
Hosts: 68.168.222.227 www.google-analytics.com.
Hosts: 68.168.222.227 ad-emea.doubleclick.net.
Hosts: 68.168.222.227 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toshıba\AppData\Roaming\Mozilla\Firefox\Profiles\qtp6irs5.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-11 688360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys --> C:\Windows\system32\DRIVERS\QIOMem.sys [?]
R3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);C:\Windows\system32\DRIVERS\t36gbus.sys --> C:\Windows\system32\DRIVERS\t36gbus.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\system32\DRIVERS\WwanUsbMp64.sys --> C:\Windows\system32\DRIVERS\WwanUsbMp64.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-24 103440]
S2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-3-10 359952]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-3-10 155456]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-26 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
S2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe [2009-8-17 424448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-3-10 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-22 113120]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);C:\Windows\system32\DRIVERS\t36gmdfl.sys --> C:\Windows\system32\DRIVERS\t36gmdfl.sys [?]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);C:\Windows\system32\DRIVERS\t36gmdm.sys --> C:\Windows\system32\DRIVERS\t36gmdm.sys [?]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);C:\Windows\system32\DRIVERS\t36gmgmt.sys --> C:\Windows\system32\DRIVERS\t36gmgmt.sys [?]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;C:\Windows\system32\DRIVERS\t36wgps64.sys --> C:\Windows\system32\DRIVERS\t36wgps64.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-17 20:29:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-17 14:28:26 53248 ----a-w- C:\Windows\SysWow64\Process.exe
2012-07-16 20:16:00 -------- d-----w- C:\Users\Tosh²ba\AppData\Local\Microsoft
2012-07-16 16:15:36 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-16 16:15:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-16 16:15:32 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-16 16:15:13 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-16 16:14:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-16 16:14:50 -------- d-----w- C:\Program Files\AVAST Software
2012-07-16 14:53:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-16 14:53:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-16 13:40:50 -------- d-----w- C:\Users\Toshıba\DoctorWeb
2012-07-14 23:26:32 691 ----a-w- C:\Users\Toshıba\AppData\Roaming\GetValue.vbs
2012-07-14 23:26:32 35 ----a-w- C:\Users\Toshıba\AppData\Roaming\SetValue.bat
2012-07-14 22:49:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-14 22:44:08 6538 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-07-14 22:13:12 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\QuickScan
2012-07-14 21:57:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 21:57:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 14:21:44 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-12 07:56:15 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\Malwarebytes
2012-07-12 07:55:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 10:45:37 148664 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-07-11 10:45:37 101808 ----a-w- C:\Windows\System32\WRusr.dll
2012-07-11 10:45:35 113168 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-07-11 10:45:23 -------- d-----w- C:\Program Files\Webroot
2012-07-11 10:45:09 -------- d-----w- C:\ProgramData\WRData
2012-07-11 06:37:06 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\AVG2012
2012-07-11 06:33:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-11 06:32:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-11 06:30:03 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-11 06:29:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-11 06:26:18 -------- d-----w- C:\$AVG
2012-07-11 06:26:17 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-11 06:26:17 -------- d-----w- C:\ProgramData\AVG2012
2012-07-11 06:22:48 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-11 06:02:49 -------- d-----w- C:\ProgramData\Common Files
2012-07-11 06:02:48 -------- d-----w- C:\ProgramData\MFAData
2012-07-11 05:56:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 05:56:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 10:52:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 10:51:30 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 10:51:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 10:51:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 16:33:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 16:33:16 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-22 16:33:15 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-22 16:33:15 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-22 16:33:15 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-07-16 17:10:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 17:10:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 01:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 4:16:08,45 ===============


Thanks again!!

Edited by Robot Artist Ingenue, 17 July 2012 - 08:36 PM.


BC AdBot (Login to Remove)

 


#2 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 17 July 2012 - 08:20 PM

-- I have mistakenly replied myself and now can't get rid of this reply post. Any moderators out there to help remove it? Thank you..

-- For any helpers reading, the problem persists and I'm in dire need of assistance. Thank you.

Edited by Robot Artist Ingenue, 18 July 2012 - 04:43 AM.


#3 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 18 July 2012 - 05:28 AM

Hi Robot Artist Ingenue :)
My name is Karsten and I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

#4 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 05:41 AM

Thank you very much for your help, Karsten.
I look forward to cooperating with you.

#5 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 01:59 PM

Hi Karsten,

I had to turn on the infected computer again; and in case it might change things, I ran DDS again.
(the newest log is pasted below).

Also, if it helps, after my friend's suggestion, I've found out the original .exe name:
VKYXDAQi0g.exe in C:\users\myusername (-- currently in Webroot quarantine, there's another line there: VKYXDAQi0g in HKU\S-1-5-21-445141224-985579-1930230248-10....(INCOMPLETE)\Run )
and the 'author' was noted down as: Hiller Threatslite

Thank you again for your time and energy!


------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Toshıba at 21:56:19 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1254.90.1055.18.2937.2254 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WRSA.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\DllHost.exe
C:\Users\Toshıba\Desktop\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\TOSHBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\ArcSoft\MediaConverter 3\Monitor.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Free YouTube Download - C:\Users\Toshıba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Microsoft Excel'e &Ver - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{0A9DC337-1B13-4275-94DC-8C84C83CBC98} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\149627F63707F6478245865684F6573756341666560294374796E6975692 : DhcpNameServer = 195.175.39.39 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\4545E454450275966496 : DhcpNameServer = 192.168.24.10
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\A5978554C4 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{11222041-111B-46E3-BD29-EFB2449479B1}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9519AF7E-638D-4933-BAD6-D33D23C79FE5}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{F301665A-12F8-4331-804A-5BCBD379668C}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
Hosts: 68.168.222.227 www.google-analytics.com.
Hosts: 68.168.222.227 ad-emea.doubleclick.net.
Hosts: 68.168.222.227 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toshıba\AppData\Roaming\Mozilla\Firefox\Profiles\qtp6irs5.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-11 688360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys --> C:\Windows\system32\DRIVERS\QIOMem.sys [?]
R3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);C:\Windows\system32\DRIVERS\t36gbus.sys --> C:\Windows\system32\DRIVERS\t36gbus.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\system32\DRIVERS\WwanUsbMp64.sys --> C:\Windows\system32\DRIVERS\WwanUsbMp64.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-24 103440]
S2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-3-10 359952]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-3-10 155456]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-26 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
S2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe [2009-8-17 424448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-3-10 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-22 113120]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);C:\Windows\system32\DRIVERS\t36gmdfl.sys --> C:\Windows\system32\DRIVERS\t36gmdfl.sys [?]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);C:\Windows\system32\DRIVERS\t36gmdm.sys --> C:\Windows\system32\DRIVERS\t36gmdm.sys [?]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);C:\Windows\system32\DRIVERS\t36gmgmt.sys --> C:\Windows\system32\DRIVERS\t36gmgmt.sys [?]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;C:\Windows\system32\DRIVERS\t36wgps64.sys --> C:\Windows\system32\DRIVERS\t36wgps64.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-17 20:29:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-17 14:28:26 53248 ----a-w- C:\Windows\SysWow64\Process.exe
2012-07-16 20:16:00 -------- d-----w- C:\Users\Tosh²ba\AppData\Local\Microsoft
2012-07-16 16:15:36 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-16 16:15:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-16 16:15:32 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-16 16:15:13 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-16 16:14:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-16 16:14:50 -------- d-----w- C:\Program Files\AVAST Software
2012-07-16 14:53:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-16 14:53:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-16 13:40:50 -------- d-----w- C:\Users\Toshıba\DoctorWeb
2012-07-14 23:26:32 691 ----a-w- C:\Users\Toshıba\AppData\Roaming\GetValue.vbs
2012-07-14 23:26:32 35 ----a-w- C:\Users\Toshıba\AppData\Roaming\SetValue.bat
2012-07-14 22:49:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-14 22:44:08 6538 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-07-14 22:13:12 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\QuickScan
2012-07-14 21:57:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 21:57:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 14:21:44 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-12 07:56:15 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\Malwarebytes
2012-07-12 07:55:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 10:45:37 148664 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-07-11 10:45:37 101808 ----a-w- C:\Windows\System32\WRusr.dll
2012-07-11 10:45:35 113168 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-07-11 10:45:23 -------- d-----w- C:\Program Files\Webroot
2012-07-11 10:45:09 -------- d-----w- C:\ProgramData\WRData
2012-07-11 06:37:06 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\AVG2012
2012-07-11 06:33:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-11 06:32:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-11 06:30:03 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-11 06:29:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-11 06:26:18 -------- d-----w- C:\$AVG
2012-07-11 06:26:17 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-11 06:26:17 -------- d-----w- C:\ProgramData\AVG2012
2012-07-11 06:22:48 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-11 06:02:49 -------- d-----w- C:\ProgramData\Common Files
2012-07-11 06:02:48 -------- d-----w- C:\ProgramData\MFAData
2012-07-11 05:56:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 05:56:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 10:52:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 10:51:30 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 10:51:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 10:51:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 16:33:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 16:33:16 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-22 16:33:15 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-22 16:33:15 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-22 16:33:15 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-07-16 17:10:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 17:10:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 21:56:54,89 ===============

Edited by Robot Artist Ingenue, 18 July 2012 - 02:11 PM.


#6 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 18 July 2012 - 02:09 PM

Hi again. :)

:welcome: to BleepingComputer.

My name is Karsten and I'll help you with the cleanup of malware from your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

It looks like you are using a very old version of DDS. Could you please do the following:
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#7 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 02:35 PM

Thank you, Karsten; I'm on it!

#8 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 02:51 PM

Hi Karsten,

Please find the newest log pasted below.

With many thanks for your help,

Burcu

------------------------------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Toshıba at 22:44:41 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1254.90.1055.18.2937.2295 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WRSA.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Toshıba\Desktop\dds-2.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\TOSHBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\ArcSoft\MediaConverter 3\Monitor.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Free YouTube Download - C:\Users\Toshıba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Microsoft Excel'e &Ver - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{0A9DC337-1B13-4275-94DC-8C84C83CBC98} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\149627F63707F6478245865684F6573756341666560294374796E6975692 : DhcpNameServer = 195.175.39.39 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\4545E454450275966496 : DhcpNameServer = 192.168.24.10
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\A5978554C4 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{11222041-111B-46E3-BD29-EFB2449479B1}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9519AF7E-638D-4933-BAD6-D33D23C79FE5}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{F301665A-12F8-4331-804A-5BCBD379668C}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
Hosts: 68.168.222.227 www.google-analytics.com.
Hosts: 68.168.222.227 ad-emea.doubleclick.net.
Hosts: 68.168.222.227 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toshıba\AppData\Roaming\Mozilla\Firefox\Profiles\qtp6irs5.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-11 688360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys --> C:\Windows\system32\DRIVERS\QIOMem.sys [?]
R3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);C:\Windows\system32\DRIVERS\t36gbus.sys --> C:\Windows\system32\DRIVERS\t36gbus.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\system32\DRIVERS\WwanUsbMp64.sys --> C:\Windows\system32\DRIVERS\WwanUsbMp64.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-24 103440]
S2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-3-10 359952]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-3-10 155456]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-26 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
S2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe [2009-8-17 424448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-3-10 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-22 113120]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);C:\Windows\system32\DRIVERS\t36gmdfl.sys --> C:\Windows\system32\DRIVERS\t36gmdfl.sys [?]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);C:\Windows\system32\DRIVERS\t36gmdm.sys --> C:\Windows\system32\DRIVERS\t36gmdm.sys [?]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);C:\Windows\system32\DRIVERS\t36gmgmt.sys --> C:\Windows\system32\DRIVERS\t36gmgmt.sys [?]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;C:\Windows\system32\DRIVERS\t36wgps64.sys --> C:\Windows\system32\DRIVERS\t36wgps64.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-17 20:29:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-17 14:28:26 53248 ----a-w- C:\Windows\SysWow64\Process.exe
2012-07-16 20:16:00 -------- d-----w- C:\Users\Tosh²ba\AppData\Local\Microsoft
2012-07-16 16:15:36 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-16 16:15:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-16 16:15:32 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-16 16:15:13 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-16 16:14:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-16 16:14:50 -------- d-----w- C:\Program Files\AVAST Software
2012-07-16 14:53:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-16 14:53:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-16 13:40:50 -------- d-----w- C:\Users\Toshıba\DoctorWeb
2012-07-14 23:26:32 691 ----a-w- C:\Users\Toshıba\AppData\Roaming\GetValue.vbs
2012-07-14 23:26:32 35 ----a-w- C:\Users\Toshıba\AppData\Roaming\SetValue.bat
2012-07-14 22:49:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-14 22:44:08 6538 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-07-14 22:13:12 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\QuickScan
2012-07-14 21:57:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 21:57:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 14:21:44 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-12 07:56:15 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\Malwarebytes
2012-07-12 07:55:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 10:45:37 148664 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-07-11 10:45:37 101808 ----a-w- C:\Windows\System32\WRusr.dll
2012-07-11 10:45:35 113168 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-07-11 10:45:23 -------- d-----w- C:\Program Files\Webroot
2012-07-11 10:45:09 -------- d-----w- C:\ProgramData\WRData
2012-07-11 06:37:06 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\AVG2012
2012-07-11 06:33:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-11 06:32:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-11 06:30:03 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-11 06:29:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-11 06:26:18 -------- d-----w- C:\$AVG
2012-07-11 06:26:17 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-11 06:26:17 -------- d-----w- C:\ProgramData\AVG2012
2012-07-11 06:22:48 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-11 06:02:49 -------- d-----w- C:\ProgramData\Common Files
2012-07-11 06:02:48 -------- d-----w- C:\ProgramData\MFAData
2012-07-11 05:56:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 05:56:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 10:52:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 10:51:30 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 10:51:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 10:51:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 16:33:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 16:33:16 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-22 16:33:15 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-22 16:33:15 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-22 16:33:15 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-07-16 17:10:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 17:10:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 22:46:07,54 ===============

#9 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 02:54 PM

ps- the A/V didn't give me any trouble so I didn't turn them off....reading your instructions again, I realize it might not have been the best choice. I'll quickly do this again, in case the stuff interferes with your work process. Please excuse my inexperience.

#10 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 18 July 2012 - 02:54 PM

Now we just have to be a little patient and wait for my mentor/supervisor.

Edited by KarstenHansen, 18 July 2012 - 02:55 PM.


#11 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 03:21 PM

Thank you very much, Karsten.

I've ran the program again, after attempting to shut down the A/V.
(Interesting phenomenon -- A/V I've specifically shut down - webroot, Avast!, McAfee appears to be enabled on the log...)

I'll paste the log below, in case it might be helpful.

Thank you again for your patience.

---------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Toshıba at 23:10:24 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1254.90.1055.18.2937.2157 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\explorer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\DllHost.exe
C:\Users\Toshıba\Desktop\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\TOSHBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\ArcSoft\MediaConverter 3\Monitor.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Free YouTube Download - C:\Users\Toshıba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Microsoft Excel'e &Ver - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{0A9DC337-1B13-4275-94DC-8C84C83CBC98} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464} : DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\149627F63707F6478245865684F6573756341666560294374796E6975692 : DhcpNameServer = 195.175.39.39 195.175.39.39
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\4545E454450275966496 : DhcpNameServer = 192.168.24.10
TCP: Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}\A5978554C4 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{11222041-111B-46E3-BD29-EFB2449479B1}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9519AF7E-638D-4933-BAD6-D33D23C79FE5}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{F301665A-12F8-4331-804A-5BCBD379668C}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
Hosts: 68.168.222.227 www.google-analytics.com.
Hosts: 68.168.222.227 ad-emea.doubleclick.net.
Hosts: 68.168.222.227 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toshıba\AppData\Roaming\Mozilla\Firefox\Profiles\qtp6irs5.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys --> C:\Windows\system32\DRIVERS\QIOMem.sys [?]
R3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);C:\Windows\system32\DRIVERS\t36gbus.sys --> C:\Windows\system32\DRIVERS\t36gbus.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\system32\DRIVERS\WwanUsbMp64.sys --> C:\Windows\system32\DRIVERS\WwanUsbMp64.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-24 103440]
S2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-3-10 359952]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-3-10 155456]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-26 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
S2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe [2009-8-17 424448]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-11 688360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-3-10 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-22 113120]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);C:\Windows\system32\DRIVERS\t36gmdfl.sys --> C:\Windows\system32\DRIVERS\t36gmdfl.sys [?]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);C:\Windows\system32\DRIVERS\t36gmdm.sys --> C:\Windows\system32\DRIVERS\t36gmdm.sys [?]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);C:\Windows\system32\DRIVERS\t36gmgmt.sys --> C:\Windows\system32\DRIVERS\t36gmgmt.sys [?]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;C:\Windows\system32\DRIVERS\t36wgps64.sys --> C:\Windows\system32\DRIVERS\t36wgps64.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-17 20:29:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-17 14:28:26 53248 ----a-w- C:\Windows\SysWow64\Process.exe
2012-07-16 20:16:00 -------- d-----w- C:\Users\Tosh²ba\AppData\Local\Microsoft
2012-07-16 16:15:36 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-16 16:15:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-16 16:15:32 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-16 16:15:13 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-16 16:14:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-16 16:14:50 -------- d-----w- C:\Program Files\AVAST Software
2012-07-16 14:53:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-16 14:53:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-16 13:40:50 -------- d-----w- C:\Users\Toshıba\DoctorWeb
2012-07-14 23:26:32 691 ----a-w- C:\Users\Toshıba\AppData\Roaming\GetValue.vbs
2012-07-14 23:26:32 35 ----a-w- C:\Users\Toshıba\AppData\Roaming\SetValue.bat
2012-07-14 22:49:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-14 22:44:08 6538 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-07-14 22:13:12 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\QuickScan
2012-07-14 21:57:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 21:57:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 14:21:44 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-12 07:56:15 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\Malwarebytes
2012-07-12 07:55:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 10:45:37 148664 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-07-11 10:45:37 101808 ----a-w- C:\Windows\System32\WRusr.dll
2012-07-11 10:45:35 113168 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-07-11 10:45:23 -------- d-----w- C:\Program Files\Webroot
2012-07-11 10:45:09 -------- d-----w- C:\ProgramData\WRData
2012-07-11 06:37:06 -------- d-----w- C:\Users\Toshıba\AppData\Roaming\AVG2012
2012-07-11 06:33:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-11 06:32:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-11 06:30:03 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-11 06:29:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-11 06:26:18 -------- d-----w- C:\$AVG
2012-07-11 06:26:17 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-11 06:26:17 -------- d-----w- C:\ProgramData\AVG2012
2012-07-11 06:22:48 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-11 06:02:49 -------- d-----w- C:\ProgramData\Common Files
2012-07-11 06:02:48 -------- d-----w- C:\ProgramData\MFAData
2012-07-11 05:56:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-11 05:56:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 10:52:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 10:51:30 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 10:51:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 10:51:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 16:33:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 16:33:16 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-22 16:33:15 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-22 16:33:15 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-22 16:33:15 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-07-16 17:10:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 17:10:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 23:10:48,09 ===============

#12 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 18 July 2012 - 03:21 PM

Hi Robot Artist Ingenue :)
As you like me have a x64 I would like us to get another view with another log tool, called OTL which makes a slightly larger log than DDS. Please do the following:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup:
  • OTL logs posted
Best Regards,
Karsten

#13 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 03:46 PM

Thanks a heap, Karsten. OTL scan in progress on the infected computer. (...internet is off, A/V are as off as I can manage..)

#14 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 18 July 2012 - 03:47 PM

Sounds great, good work.

#15 Robot Artist Ingenue

Robot Artist Ingenue
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 18 July 2012 - 03:58 PM

Thank you for the encouragement!
Please find the OTL Logs below.
(quick note - I've noticed that there are some Turkish lines in the logs - my system is in Turkish. Can I help you with those or are they standard warnings in any/every languages?)

Tak!

------------------------
OTL.txt
------------------------

OTL logfile created on: 18.07.2012 23:37:32 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Toshıba\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 70,75% Memory free
5,73 Gb Paging File | 5,02 Gb Available in Paging File | 87,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,01 Gb Total Space | 90,88 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
Drive D: | 148,69 Gb Total Space | 109,66 Gb Free Space | 73,75% Space Free | Partition Type: NTFS

Computer Name: TOSHıBA-TOSH | User Name: Toshıba | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.18 23:35:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Toshıba\Desktop\OTL.exe
PRC - [2012.07.18 01:35:27 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.16 20:10:57 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.03 19:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2009.10.29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee.com\agent\mcagent.exe
PRC - [2009.10.29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
PRC - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.18 01:35:26 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.16 20:10:55 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.07.11 13:45:23 | 000,688,360 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2012.07.03 19:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.11.04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009.10.28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 19:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.08 10:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012.07.18 01:35:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.16 20:11:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.11 09:33:14 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.11.04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009.10.29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.08.26 01:30:38 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.08.17 19:15:38 | 000,424,448 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.30 06:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.11 13:45:35 | 000,113,168 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012.07.03 19:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 19:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 19:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 19:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 19:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 19:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.01 09:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.03.11 09:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 09:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.13 09:18:46 | 000,439,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009.08.10 12:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.05 15:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.08.05 13:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.29 21:00:46 | 000,249,384 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2009.07.28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.27 16:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.24 12:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.07.10 16:53:22 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t36wgps64.sys -- (t36wgps)
DRV:64bit: - [2009.07.10 07:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009.07.07 22:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.06.29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.26 13:51:58 | 000,432,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t36gmdm.sys -- (t36gmdm) Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7)
DRV:64bit: - [2009.06.26 13:51:58 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t36gmgmt.sys -- (t36gmgmt) Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7)
DRV:64bit: - [2009.06.26 13:51:56 | 000,329,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gbus.sys -- (t36gbus) Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7)
DRV:64bit: - [2009.06.26 13:51:56 | 000,019,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t36gmdfl.sys -- (t36gmdfl) Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7)
DRV:64bit: - [2009.06.23 02:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 10:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.29 19:54:14 | 000,269,360 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\..\SearchScopes\{859FCA7A-7DA5-41C0-9F7C-E3940B1DD037}: "URL" = http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={54889C66-C7C1-42E5-80BC-6F3DD527E58C}&mid=5912599afd2447d0a02bd3c97108ebf3-21c98104b4bb41a29691a3e7329dae4a7f3741a5&lang=en&ds=AVG&pr=fr&d=2012-07-11 09:33:20&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\..\SearchScopes\{D61B4B8F-FDA4-420E-AB24-1F11D0366F87}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-445141224-98557509-1930230248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011.03.04 23:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011.03.04 23:56:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.18 12:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.18 12:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.27 19:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.11 09:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.11 09:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.16 19:15:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.08 16:03:23 | 000,000,000 | ---D | M]

[2011.09.19 11:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshıba\AppData\Roaming\mozilla\Extensions
[2011.09.19 11:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshıba\AppData\Roaming\mozilla\Extensions\celtx@celtx.com
[2012.07.15 02:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshıba\AppData\Roaming\mozilla\Firefox\Profiles\qtp6irs5.default\extensions
[2011.11.28 22:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.10 00:54:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.09.19 11:24:04 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011.09.19 11:24:04 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011.09.19 11:24:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011.09.19 11:24:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011.09.19 11:24:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011.09.19 11:24:03 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011.09.19 11:24:03 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012.07.18 01:35:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.01.01 23:49:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.11 09:32:56 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.22 19:33:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 19:33:11 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012.07.11 00:55:44 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.227 www.google-analytics.com.
O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.227 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL (ArcSoft, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll (ArcSoft Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ConexantAudioPatch] C:\Program Files\ConexantAudioPatch\AudioReset.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-445141224-98557509-1930230248-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\NECS 2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Toshıba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Toshıba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A9DC337-1B13-4275-94DC-8C84C83CBC98}: DhcpNameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D471257F-19B3-499D-91CD-35AEE657C464}: DhcpNameServer = 195.175.39.40 195.175.39.39
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.18 23:35:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Toshıba\Desktop\OTL.exe
[2012.07.18 01:43:32 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Toshıba\Desktop\goster.exe
[2012.07.17 23:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.17 17:28:26 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2012.07.17 17:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.16 19:15:38 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.16 19:15:38 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.16 19:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.07.16 19:15:36 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.16 19:15:35 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.16 19:15:33 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.16 19:15:32 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.16 19:15:32 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.16 19:15:13 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.16 19:15:11 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.16 19:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.16 19:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.07.16 17:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.16 17:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.16 16:40:50 | 000,000,000 | ---D | C] -- C:\Users\Toshıba\DoctorWeb
[2012.07.16 13:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.07.15 01:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.15 01:43:51 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012.07.15 01:43:51 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012.07.15 01:43:51 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2012.07.15 01:43:51 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012.07.15 01:43:51 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012.07.15 01:43:51 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012.07.15 01:43:51 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012.07.15 01:43:51 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012.07.15 01:43:51 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2012.07.15 01:43:51 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012.07.15 01:13:12 | 000,000,000 | ---D | C] -- C:\Users\Toshıba\AppData\Roaming\QuickScan
[2012.07.15 00:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 00:57:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 00:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.13 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.07.12 10:56:15 | 000,000,000 | ---D | C] -- C:\Users\Toshıba\AppData\Roaming\Malwarebytes
[2012.07.12 10:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 15:17:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.11 13:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2012.07.11 13:45:37 | 000,148,664 | ---- | C] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2012.07.11 13:45:37 | 000,101,808 | ---- | C] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2012.07.11 13:45:35 | 000,113,168 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2012.07.11 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012.07.11 13:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2012.07.11 09:37:06 | 000,000,000 | ---D | C] -- C:\Users\Toshıba\AppData\Roaming\AVG2012
[2012.07.11 09:36:06 | 000,000,000 | ---D | C] -- C:\Users\Toshıba\AppData\Local\AVG Secure Search
[2012.07.11 09:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.07.11 09:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.07.11 09:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.11 09:29:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.07.11 09:26:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2012.07.11 09:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.07.11 09:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.07.11 09:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.07.11 09:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012.07.11 09:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.07.01 11:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.06.25 13:52:01 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.25 13:52:01 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.25 13:52:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.25 13:51:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.25 13:51:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.25 13:51:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.25 13:51:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.25 13:51:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.22 19:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.22 19:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.18 23:35:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Toshıba\Desktop\OTL.exe
[2012.07.18 23:30:05 | 001,457,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 23:30:05 | 000,618,316 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.07.18 23:30:05 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 23:30:05 | 000,121,686 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.07.18 23:30:05 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 22:35:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 22:35:24 | 2309,709,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 22:00:05 | 000,025,924 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.07.18 01:43:32 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Toshıba\Desktop\goster.exe
[2012.07.18 01:35:32 | 000,002,047 | ---- | M] () -- C:\Users\Toshıba\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.17 17:50:00 | 000,302,592 | ---- | M] () -- C:\Users\Toshıba\Desktop\tr23ns4s.exe
[2012.07.17 17:29:38 | 000,006,538 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012.07.17 17:15:28 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 17:11:19 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.17 17:01:55 | 101,577,521 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.07.17 16:28:20 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:28:18 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 21:23:40 | 000,828,470 | ---- | M] () -- C:\Users\Toshıba\AppData\Local\census.cache
[2012.07.16 21:23:31 | 000,115,038 | ---- | M] () -- C:\Users\Toshıba\AppData\Local\ars.cache
[2012.07.16 20:10:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.16 20:10:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 19:15:38 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.16 19:15:33 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.07.16 19:15:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.16 15:28:28 | 000,000,036 | ---- | M] () -- C:\Users\Toshıba\AppData\Local\housecall.guid.cache
[2012.07.16 01:54:24 | 000,000,691 | ---- | M] () -- C:\Users\Toshıba\AppData\Roaming\GetValue.vbs
[2012.07.16 01:54:24 | 000,000,035 | ---- | M] () -- C:\Users\Toshıba\AppData\Roaming\SetValue.bat
[2012.07.13 19:41:10 | 000,147,245 | ---- | M] () -- C:\Users\Toshıba\Documents\OPERA-bookmarks-html-temuz12.htm
[2012.07.13 19:40:39 | 000,170,268 | ---- | M] () -- C:\Users\Toshıba\Documents\OPERA-bookmarks-temmuz-2012.adr
[2012.07.13 19:36:59 | 000,100,630 | ---- | M] () -- C:\Users\Toshıba\Documents\FIREFOX-livemarks-and-bookmarks
[2012.07.13 19:34:35 | 000,327,131 | ---- | M] () -- C:\Users\Toshıba\Documents\FIREFOX-bookmarks.html
[2012.07.13 19:33:36 | 000,163,968 | ---- | M] () -- C:\Users\Toshıba\Documents\FIREFOX-bookmarks-2012-07-13
[2012.07.11 15:16:59 | 490,429,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.11 13:45:37 | 000,148,664 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2012.07.11 13:45:37 | 000,101,808 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2012.07.11 13:45:35 | 000,113,168 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2012.07.11 09:29:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.07.11 09:29:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.07.11 00:55:44 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.07 16:08:43 | 000,001,517 | ---- | M] () -- C:\Users\Toshıba\.recently-used.xbel
[2012.07.05 19:43:39 | 000,077,821 | ---- | M] () -- C:\Users\Toshıba\Documents\the-Rumpus-DYLAN_NICE-cinematic-Oyku.pdf
[2012.07.05 01:14:07 | 000,555,446 | ---- | M] () -- C:\Users\Toshıba\Desktop\6-Mayis-edit.fdx
[2012.07.03 19:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 19:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 19:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 19:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 19:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 19:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 19:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 19:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 19:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 12:20:39 | 000,367,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.29 11:42:34 | 000,043,216 | ---- | M] () -- C:\Users\Toshıba\Documents\SİBEL-KDV-05.pdf
[2012.06.29 11:42:16 | 000,043,441 | ---- | M] () -- C:\Users\Toshıba\Documents\sibel-ssk-05.pdf
[2012.06.29 11:42:03 | 000,049,214 | ---- | M] () -- C:\Users\Toshıba\Documents\sibel-hiz-lis.05.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.17 17:49:58 | 000,302,592 | ---- | C] () -- C:\Users\Toshıba\Desktop\tr23ns4s.exe
[2012.07.17 17:11:19 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.17 17:01:55 | 101,577,521 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.07.16 20:11:13 | 000,000,814 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.16 19:15:38 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.16 19:15:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.07.16 19:15:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.07.16 15:43:54 | 000,828,470 | ---- | C] () -- C:\Users\Toshıba\AppData\Local\census.cache
[2012.07.16 15:43:37 | 000,115,038 | ---- | C] () -- C:\Users\Toshıba\AppData\Local\ars.cache
[2012.07.16 15:28:28 | 000,000,036 | ---- | C] () -- C:\Users\Toshıba\AppData\Local\housecall.guid.cache
[2012.07.15 02:26:32 | 000,000,691 | ---- | C] () -- C:\Users\Toshıba\AppData\Roaming\GetValue.vbs
[2012.07.15 02:26:32 | 000,000,035 | ---- | C] () -- C:\Users\Toshıba\AppData\Roaming\SetValue.bat
[2012.07.15 01:44:08 | 000,006,538 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012.07.15 01:43:51 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012.07.15 01:43:51 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012.07.15 01:43:51 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012.07.13 19:41:10 | 000,147,245 | ---- | C] () -- C:\Users\Toshıba\Documents\OPERA-bookmarks-html-temuz12.htm
[2012.07.13 19:40:39 | 000,170,268 | ---- | C] () -- C:\Users\Toshıba\Documents\OPERA-bookmarks-temmuz-2012.adr
[2012.07.13 19:36:58 | 000,100,630 | ---- | C] () -- C:\Users\Toshıba\Documents\FIREFOX-livemarks-and-bookmarks
[2012.07.13 19:34:34 | 000,327,131 | ---- | C] () -- C:\Users\Toshıba\Documents\FIREFOX-bookmarks.html
[2012.07.13 19:33:34 | 000,163,968 | ---- | C] () -- C:\Users\Toshıba\Documents\FIREFOX-bookmarks-2012-07-13
[2012.07.11 15:16:59 | 490,429,631 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.11 09:29:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.07.11 09:29:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.07.07 16:08:43 | 000,001,517 | ---- | C] () -- C:\Users\Toshıba\.recently-used.xbel
[2012.07.05 19:43:39 | 000,077,821 | ---- | C] () -- C:\Users\Toshıba\Documents\the-Rumpus-DYLAN_NICE-cinematic-Oyku.pdf
[2012.06.29 11:42:34 | 000,043,216 | ---- | C] () -- C:\Users\Toshıba\Documents\SİBEL-KDV-05.pdf
[2012.06.29 11:42:15 | 000,043,441 | ---- | C] () -- C:\Users\Toshıba\Documents\sibel-ssk-05.pdf
[2012.06.29 11:42:01 | 000,049,214 | ---- | C] () -- C:\Users\Toshıba\Documents\sibel-hiz-lis.05.pdf
[2012.01.26 20:33:22 | 000,004,608 | ---- | C] () -- C:\Users\Toshıba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.13 15:21:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.13 15:21:38 | 000,304,640 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.19 15:57:31 | 000,000,061 | ---- | C] () -- C:\Users\Toshıba\AppData\Roaming\default.pls
[2010.05.30 23:18:53 | 000,001,024 | ---- | C] () -- C:\Users\Toshıba\.rnd

< End of report >

------------------------


------------------------
EXTRAS.txt
-------------------------

OTL Extras logfile created on: 18.07.2012 23:37:32 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Toshıba\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 70,75% Memory free
5,73 Gb Paging File | 5,02 Gb Available in Paging File | 87,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,01 Gb Total Space | 90,88 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
Drive D: | 148,69 Gb Total Space | 109,66 Gb Free Space | 73,75% Space Free | Partition Type: NTFS

Computer Name: TOSHıBA-TOSH | User Name: Toshıba | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52D77949-B292-4462-A64E-1102A0F8E923}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94BD1643-BFF3-46FA-9BFC-8E4588F9E86C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2BD3AD96-4060-455C-8B65-42EF63CB1318}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3E52209E-6C46-4AC5-8BF6-4E5A66C5C6EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{412240DB-A91B-4C18-965A-B58CC1B11B38}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{53DCAE37-1C21-40DF-80FA-F108E804C16C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{5FA85CB6-0F5A-48FF-8D2A-A822C71875D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63E20FEE-0871-4FE7-A429-BCA02F11360A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{64FA97C5-CA5F-4E17-8857-10FDC022A026}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{65B7A3A9-85E9-43CA-A45E-1FC517EF0F74}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{73E2DFBE-BBE9-46B8-854D-DD2BB2C57D28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{754EB180-76F6-45C3-848A-8AD477DCDCF6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{901DF600-7377-42E7-9715-833FD208ED0C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9415F80F-7CDF-49C8-A0C6-B92E8E10FB01}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A5C7538E-96FB-4749-9515-94607FEE9D84}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{B004790D-4A28-4D5E-8DFC-99EDCB005AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B5CBE4F4-964A-4035-96DB-0C8B5D4AF7E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B7790FB2-FBAB-4435-9AC5-16A5A45893DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{C4758D68-0AD4-4045-9701-38F7060A1D32}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D05E0221-0ECD-4121-8A2E-4CC84B22DA82}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EEFD199C-0806-4D68-95BE-2F11B621FB00}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F03FF8ED-E0CA-4B94-9FF1-58B91A4A4C7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F55A9121-7787-42B9-8F8F-D70D6AB514D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F947CFE0-A336-4973-9C49-2470FF7E73DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4BD299B4-0A29-3706-B6B1-02DC71D47E26}" = Microsoft .NET Framework 4 Client Profile TRK Language Pack
"{5B67ABCE-A18A-4334-B728-A15665CB173E}" = Ericsson F3607gw for TOSHIBA Mobile Broadband Device
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041F-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Turkish) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA Sabit Disk Sürücüsü/Elektro Manyetik Sürücüsü Uyarısı
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"AVG" = AVG 2012
"CNXT_AUDIO" = Conexant HD Audio
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile TRK Language Pack" = Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00811113-FA7B-4781-A146-0FD74D617624}" = Windows Live Call
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BD77AAE-6901-4532-9629-766475C609D8}" = Windows Live Temel Parçalar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Karşıya Yükleme Aracı
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype™ Launcher
"{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}" = ArcSoft MediaImpression 2
"{30EDE085-7423-41A3-9FE9-4956AA61985D}" = Windows Live Writer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{685B9AFA-1A5B-48FF-A02E-AA6C0029B2FF}" = Microsoft Works
"{6A631D31-1FD6-46B5-9337-3485C3CBB002}" = TOSHIBA Wireless Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F7BC615-A7E3-4309-B60E-BC8BF3DEAE83}" = Windows Live Mail
"{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
"{90120000-0016-041F-0000-0000000FF1CE}_HOMESTUDENTR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
"{90120000-0018-041F-0000-0000000FF1CE}_HOMESTUDENTR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
"{90120000-001B-041F-0000-0000000FF1CE}_HOMESTUDENTR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_HOMESTUDENTR_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041F-1000-0000000FF1CE}_HOMESTUDENTR_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}_HOMESTUDENTR_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041F-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Turkish) 2007
"{90120000-00A1-041F-0000-0000000FF1CE}_HOMESTUDENTR_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1055-7B44-A91000000001}" = Adobe Reader 9.1 - Turkish
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C1103EAA-CD9B-466F-B6D3-8CA337845F5E}" = Windows Live Fotoğraf Galerisi
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA Sabit Disk Sürücüsü/Elektro Manyetik Sürücüsü Uyarısı
"{DA966F45-F8A1-41F5-B186-36E184409432}" = Windows Live Messenger
"{DAE273DB-B035-42B7-AEE1-2B767971B3EB}" = Windows Live Sync
"{DD06A10E-CD67-4F4E-8CB5-83D5EA911055}" = Nero 8 Essentials
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EE27AA87-8593-4B8A-A595-29E289C5520F}" = ArcSoft MediaConverter 3
"{F03EC055-F34E-4F6B-A684-8A370E11A304}" = ArcSoft Print Creations
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8BFDEB8-9D2A-40CF-9E2C-FCA68FFAD959}" = Windows Live Oturum Açma Yardımcısı
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Celtx (2.9.1)" = Celtx (2.9.1)
"DivX Setup.divx.com" = DivX Setup
"DVDx 4.0" = DVDx 4.0
"ESET Online Scanner" = ESET Online Scanner v3
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Free YouTube Download_is1" = Free YouTube Download version 3.0.0.602
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA Sabit Disk Sürücüsü/Elektro Manyetik Sürücüsü Uyarısı
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Opera 11.61.1250" = Opera 11.61
"Scrivener 101" = Scrivener
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Temel Parçalar
"WRUNINST" = Webroot SecureAnywhere

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-445141224-98557509-1930230248-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"multiWeather" = multiWeather

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.07.2012 18:58:38 | Computer Name = Toshıba-TOSH | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: NMIndexStoreSvr.exe, sürüm: 3.3.8.0, zaman damgası:
0x4860cce5 Hatalı modül adı: unknown, sürüm: 0.0.0.0, zaman damgası: 0x00000000 Özel
durum kodu: 0xc0000005 Hata uzaklığı 0x00000100 Hatalı işlem kimliği: 0xcf0 Uygulama
başlangıç zamanı: 0x01cd62dd4552013e Hatalı uygulama yolu: C:\Program Files (x86)\Common
Files\Nero\Lib\NMIndexStoreSvr.exe Hatalı modül yolu: unknown Rapor kimliği: 9ca13df2-ced0-11e1-94fe-028037ec0200

Error - 15.07.2012 19:01:40 | Computer Name = Toshıba-TOSH | Source = McLogEvent | ID = 5051
Description = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe işlemindeki bir iş parçacığının
isteği tamamlaması 90000 ms'den uzun sürdü. İşlem sonlandırılacak. İş parçacığı kimliği
: 1788 (0x6fc) İş parçacığı adresi : 0x0000000076DCFC0A İş parçacığı iletisi : Build
VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program
Files (x86)\Common Files\Nero\Lib\NeroVMRModules.dll by C:\Windows\SysWOW64\WerFault.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 16.07.2012 12:14:50 | Computer Name = Toshıba-TOSH | Source = System Restore | ID = 8193
Description =

Error - 16.07.2012 13:33:48 | Computer Name = Toshıba-TOSH | Source = McLogEvent | ID = 5051
Description = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe işlemindeki bir iş parçacığının
isteği tamamlaması 90000 ms'den uzun sürdü. İşlem sonlandırılacak. İş parçacığı kimliği
: 2600 (0xa28) İş parçacığı adresi : 0x000000007768F72A İş parçacığı iletisi : Build
VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\ProgramData\AVG2012\Chjw\aa4f589a4f57791\avgcchmf.dat

by C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 17.07.2012 09:15:37 | Computer Name = Toshıba-TOSH | Source = McLogEvent | ID = 5051
Description = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe işlemindeki bir iş parçacığının
isteği tamamlaması 90000 ms'den uzun sürdü. İşlem sonlandırılacak. İş parçacığı kimliği
: 3476 (0xd94) İş parçacığı adresi : 0x000000007759F6FA İş parçacığı iletisi : Build
VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll

by C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 17.07.2012 09:16:18 | Computer Name = Toshıba-TOSH | Source = SDWinSec.exe | ID = 0
Description =

Error - 17.07.2012 10:15:27 | Computer Name = Toshıba-TOSH | Source = MsiInstaller | ID = 1013
Description =

Error - 17.07.2012 10:17:35 | Computer Name = Toshıba-TOSH | Source = McLogEvent | ID = 5051
Description = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe işlemindeki bir iş parçacığının
isteği tamamlaması 90000 ms'den uzun sürdü. İşlem sonlandırılacak. İş parçacığı kimliği
: 1904 (0x770) İş parçacığı adresi : 0x000000007759F72A İş parçacığı iletisi : Build
VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\ProgramData\AVG2012\Chjw\2402f85602f82e84\avgcchff.dat

by \??\C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 17.07.2012 18:39:52 | Computer Name = Toshıba-TOSH | Source = SideBySide | ID = 16842832
Description = "D:\indirilmis_dosyalar\etsmartinstaller_enu.exe" için etkinleştirme
bağlamı oluşturulamadı."" bildirim veya ilke dosyası . satırında hata. Uygulama
için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan
bileşenler:. Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Bileşen
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 17.07.2012 18:58:07 | Computer Name = Toshıba-TOSH | Source = McLogEvent | ID = 5051
Description = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe işlemindeki bir iş parçacığının
isteği tamamlaması 90000 ms'den uzun sürdü. İşlem sonlandırılacak. İş parçacığı kimliği
: 2548 (0x9f4) İş parçacığı adresi : 0x0000000076DAF72A İş parçacığı iletisi : Build
VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\ProgramData\AVG2012\Chjw\aa4f589a4f57791\avgcchmf.dat

by C:\PROGRA~2\AVG\AVG2012\avgrsa.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 18.07.2012 16:04:17 | Computer Name = Toshıba-TOSH | Source = SideBySide | ID = 16842832
Description = "D:\indirilmis_dosyalar\etsmartinstaller_enu.exe" için etkinleştirme
bağlamı oluşturulamadı."" bildirim veya ilke dosyası . satırında hata. Uygulama
için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan
bileşenler:. Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Bileşen
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ System Events ]
Error - 18.07.2012 16:37:07 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:43:19 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:43:19 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:43:19 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:47:53 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:47:53 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:47:53 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:48:07 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:48:07 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068

Error - 18.07.2012 16:48:07 | Computer Name = Toshıba-TOSH | Source = Service Control Manager | ID = 7001
Description = Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu
hizmetine bağımlıdır: %%1068


< End of report >


-----------------------------------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users