Results 1 to 8 of 8
  1. #1
    Member
    Join Date
    Apr 2009
    Posts
    10
    Points
    0

    Default trojan virus that avast doesn't pick up to remove

    Good Morning,
    I am in need of your assistance please. I have a trojan virus that superantispyware picks up but can't seem to quarantine it. I have run malwarebytes also and a boot scan with avast and superantispyware says it's still here. I will paste the log files here if you can help me get rid of this virus.

    SuperAntiSpyware log:
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/03/2013 at 04:37 PM

    Application Version : 4.34.1000

    Core Rules Database Version : 8206
    Trace Rules Database Version: 6017

    Scan type : Custom Scan
    Total Scan Time : 00:03:03

    Memory items scanned : 537
    Memory threats detected : 0
    Registry items scanned : 8114
    Registry threats detected : 1
    File items scanned : 0
    File threats detected : 0

    Trojan.Agent/Gen
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20131121
    MalwareBytes log:

    alwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.11.30.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    owner :: OWNER-PC [administrator]

    12/1/2013 2:11:17 AM
    mbam-log-2013-12-01 (02-11-17).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 364325
    Time elapsed: 1 hour(s), 40 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Program Files\FoxTabFLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

    HijackThis log:

    ogfile of Trend Micro HijackThis v2.0.5
    Scan saved at 5:32:06 AM, on 12/4/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16520)


    Boot mode: Normal

    Running processes:
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Alwil Software\Avast5\avastui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\windows\system32\igfxext.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HTNHIVN\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: 74.208.105.171 gs.apple.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\828d879c-1346-46a4-a1a5-9a6f75e26c69.exe /check
    O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [ccleaner] "C:\Users\owner\Desktop\virus gadgets\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mys...esLauncher.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_big...GamePlayer.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games...ploader_v6.cab
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (file missing)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
    O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14491 bytes

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi debwilley,

    I have moved your thread to the Spyware Removal forum for you.


    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
    • Click the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    It appears that you have a very outdated version of Avast installed. Please click >>HERE<< to download and install the latest version to update your Avast software.

    Next:


    Please download OTL to your Desktop.
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    In your next reply, please post the following logs:
    AdwCleaner[S0].txt
    OTL.txt
    Extras.txt


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Apr 2009
    Posts
    10
    Points
    0

    Default

    Thank you. My Avast updates everyday but I did a manual to assure it is up to date. Here are the other 2 logs.
    # AdwCleaner v3.014 - Report created 04/12/2013 at 10:04:08
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : owner - OWNER-PC
    # Running from : C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\owner\AppData\Local\Temp\Uninstall.exe
    File Found : C:\windows\Downloaded Program Files\popcaploader.inf
    Folder Found C:\Program Files\w3i
    Folder Found C:\ProgramData\Alawar Stargaze
    Folder Found C:\ProgramData\Ask
    Folder Found C:\ProgramData\boost_interprocess
    Folder Found C:\ProgramData\Partner
    Folder Found C:\ProgramData\w3i
    Folder Found C:\Users\owner\AppData\Local\apn
    Folder Found C:\Users\owner\AppData\Local\visi_coupon
    Folder Found C:\Users\owner\AppData\Roaming\quickclick

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    OTL logfile created on: 12/4/2013 10:07:09 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop\virus gadgets
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 43.60% Memory free
    5.74 Gb Paging File | 4.25 Gb Available in Paging File | 74.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.62 Gb Total Space | 228.47 Gb Free Space | 79.16% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/04 10:06:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\virus gadgets\OTL.exe
    PRC - [2013/12/04 10:03:22 | 001,110,034 | ---- | M] () -- C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    PRC - [2013/10/29 14:56:46 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
    PRC - [2013/10/21 11:42:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/10/08 15:27:14 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    PRC - [2013/08/07 01:38:12 | 000,217,880 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/11 12:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    PRC - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/18 15:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
    PRC - [2009/08/11 19:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
    PRC - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    PRC - [2009/08/06 20:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/05 17:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/05 17:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/08/03 20:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 17:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/04 10:03:22 | 001,110,034 | ---- | M] () -- C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    MOD - [2013/10/21 11:42:06 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2013/10/10 14:32:35 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
    MOD - [2013/10/10 14:31:23 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
    MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2013/08/15 11:43:43 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 11:42:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/15 11:40:16 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/15 11:39:42 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/13 11:38:59 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2012/01/26 19:27:40 | 000,052,224 | ---- | M] () -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/12/18 12:53:07 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/01/26 13:47:02 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/08/03 20:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    MOD - [2009/07/29 18:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2009/07/25 13:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    MOD - [2009/07/16 18:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    MOD - [2009/07/16 18:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/07/08 20:03:02 | 000,058,368 | ---- | M] () -- C:\Windows\System32\bdmpega.acm
    MOD - [2009/06/22 17:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2009/03/12 22:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2008/12/30 02:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdm2.dll
    MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
    MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
    MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/23 05:06:14 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
    SRV - [2013/10/21 11:42:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/10/09 01:21:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/05/18 17:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - [2013/11/08 12:30:33 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
    DRV - [2013/10/21 11:42:07 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/10/21 11:42:07 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/10/21 11:42:07 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2013/10/21 11:42:07 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/10/21 11:42:07 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/10/21 11:42:07 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/10/21 11:42:07 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/10/02 00:42:59 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/04/26 16:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
    DRV - [2009/08/05 22:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/07 11:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2009/06/22 20:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/19 22:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {DFE1E408-501E-4BB4-B501-D2303CBFCA76}
    IE - HKLM\..\SearchScopes\{DFE1E408-501E-4BB4-B501-D2303CBFCA76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = My Yahoo
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKCU\..\SearchScopes\{2F49A4F6-40B6-42A6-8D97-5CC012F23010}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C4BB1D6A-CBA1-402B-A253-D99568E93F88&apn_sauid=2C95DF5E-46A7-47E9-906B-79053B3918BB
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{DFE1E408-501E-4BB4-B501-D2303CBFCA76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\30\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


    [2011/05/03 02:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - homepage: true
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: Google
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnpebemfdkffjcmpangoiagoadaomdd\1.4.4_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2010/09/05 12:59:48 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 74.208.105.171 gs.apple.com
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\828d879c-1346-46a4-a1a5-9a6f75e26c69.exe (AVAST Software)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKCU..\Run: [ccleaner] C:\Users\owner\Desktop\virus gadgets\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKCU..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun File not found
    O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
    O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Spotify] "C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: dhs.gov ([email.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([extranet.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([pass.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([tsaolc.tsa] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://games.bigfishgames.com/en_mys...esLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/en_big...GamePlayer.cab (Jolly Bear Games Player)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD62CAC-FB49-4916-891E-456DEEFCD4B2}: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3abc33e8-b42c-11e0-bf45-00266c376a5d}\Shell - "" = AutoRun
    O33 - MountPoints2\{3abc33e8-b42c-11e0-bf45-00266c376a5d}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/04 10:03:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/04 05:26:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013/12/03 13:00:28 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{74FEC9B1-07C1-432F-B9CE-7C05D8A1D27E}
    [2013/11/30 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{4A76B3A1-D240-4869-87F2-FF32BBC117FF}
    [2013/11/30 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{9F8DAB77-C53C-4322-AB66-F47CBFE4A1DC}
    [2013/11/30 04:41:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{C9FB0789-2A3D-4805-812F-8E4E1A72E9CB}
    [2013/11/29 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{54D75CDF-8E01-4B0C-A7FA-9F7C6A589699}
    [2013/11/29 01:22:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{52EC1180-0E4B-4E1C-A693-ACF0DE58BA4F}
    [2013/11/28 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{342A3A72-12CC-4B35-97FF-1E916A03FD88}
    [2013/11/28 12:32:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{20020B6D-4410-4A96-B676-37FF812014A8}
    [2013/11/27 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{56462CFD-D1F2-462A-8777-ABDEDA027795}
    [2013/11/26 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{1692F205-9F6A-4D44-92F1-0312456E5533}
    [2013/11/25 18:03:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{91B5C0E4-D35E-4100-97F8-2133095DBF0C}
    [2013/11/25 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{87B9E565-C884-4C93-8CE1-6D5BDEA03AF5}
    [2013/11/24 02:25:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{9467BD0A-FCEB-4B4F-8709-70414133E317}
    [2013/11/16 02:24:00 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{EF432A32-4636-443C-BF84-FB96D0AFBA9B}
    [2013/11/14 12:32:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
    [2013/11/14 12:32:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
    [2013/11/14 12:32:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
    [2013/11/14 12:32:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
    [2013/11/14 12:32:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
    [2013/11/14 12:32:17 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
    [2013/11/14 12:32:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
    [2013/11/14 12:32:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
    [2013/11/13 08:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/11/13 03:26:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
    [2013/11/13 03:26:11 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
    [2013/11/13 03:26:05 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
    [2013/11/13 03:26:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
    [2013/11/13 03:26:02 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
    [2013/11/13 03:26:02 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
    [2013/11/12 18:06:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{2E3D3E01-3D0A-4D5E-B0B6-B7F0BDD71FCE}
    [2013/11/09 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{A7D411E1-A198-4004-9242-9E5F074E6FB2}
    [2013/11/05 05:11:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Rumbic Studio
    [2013/11/04 13:33:05 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Fall 2013-2014 rotation items
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/04 10:09:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/04 09:19:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/12/04 00:26:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/12/03 16:48:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/03 16:48:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/03 16:40:27 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/03 16:40:04 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/03 13:04:10 | 000,624,412 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/12/03 13:04:10 | 000,106,756 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/11/11 05:50:18 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
    [2013/11/08 12:30:33 | 000,403,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswsp.sys
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/11 05:32:05 | 000,007,605 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
    [2013/03/02 08:58:33 | 000,178,304 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
    [2013/03/02 08:58:33 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2011/05/13 15:09:22 | 000,012,896 | -HS- | C] () -- C:\Users\owner\AppData\Local\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/05/13 15:09:22 | 000,012,896 | -HS- | C] () -- C:\ProgramData\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/02/07 03:06:55 | 000,000,264 | ---- | C] () -- C:\ProgramData\~s4qjuD53p
    [2011/02/07 03:06:55 | 000,000,144 | ---- | C] () -- C:\ProgramData\~s4qjuD53pr
    [2011/02/07 03:06:48 | 000,000,544 | ---- | C] () -- C:\ProgramData\s4qjuD53p
    [2010/10/16 21:55:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/11 06:51:17 | 000,000,283 | ---- | C] () -- C:\Users\owner\SciTE.session
    [2010/08/23 10:18:13 | 000,000,000 | ---- | C] () -- C:\Users\owner\jagex__preferences3.dat
    [2010/08/23 10:18:12 | 000,000,117 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences2.dat
    [2010/08/23 10:16:33 | 000,000,046 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences.dat
    [2009/12/25 14:59:29 | 000,000,892 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 362 bytes -> C:\ProgramData\TEMP:390B30B4
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BF6C81B2
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C7F08EA3
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B4F0E275
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E73E1C2
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4C8FA829
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:488F7244
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMPDF112BD
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EDDBC69E
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F89F2593
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3086B95F
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1234ADAE
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F5E8CAE0
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:18A6D2CC
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4C31986D
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2AE74FF9
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5241382
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54E4B5A
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C0BCE04B
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:762408BA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5CE91C67
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:162E346C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:94B46CA2
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:386B39C3
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9EE6560D
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:124B94C0
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:65AB2A58
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AECF4772
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041C0562
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C186F20B
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3595B780
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C22674B6
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:95198126

    < End of report >

  4. #4
    Member
    Join Date
    Apr 2009
    Posts
    10
    Points
    0

    Default

    OTL logfile created on: 12/4/2013 10:07:09 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop\virus gadgets
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 43.60% Memory free
    5.74 Gb Paging File | 4.25 Gb Available in Paging File | 74.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.62 Gb Total Space | 228.47 Gb Free Space | 79.16% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/04 10:06:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\virus gadgets\OTL.exe
    PRC - [2013/12/04 10:03:22 | 001,110,034 | ---- | M] () -- C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    PRC - [2013/10/29 14:56:46 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
    PRC - [2013/10/21 11:42:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/10/08 15:27:14 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    PRC - [2013/08/07 01:38:12 | 000,217,880 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/11 12:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    PRC - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/18 15:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
    PRC - [2009/08/11 19:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
    PRC - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    PRC - [2009/08/06 20:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/05 17:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/05 17:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/08/03 20:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 17:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/04 10:03:22 | 001,110,034 | ---- | M] () -- C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    MOD - [2013/10/21 11:42:06 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2013/10/10 14:32:35 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
    MOD - [2013/10/10 14:31:23 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
    MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2013/08/15 11:43:43 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 11:42:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/15 11:40:16 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/15 11:39:42 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/13 11:38:59 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2012/01/26 19:27:40 | 000,052,224 | ---- | M] () -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/12/18 12:53:07 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/01/26 13:47:02 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/08/03 20:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    MOD - [2009/07/29 18:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2009/07/25 13:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    MOD - [2009/07/16 18:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    MOD - [2009/07/16 18:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/07/08 20:03:02 | 000,058,368 | ---- | M] () -- C:\Windows\System32\bdmpega.acm
    MOD - [2009/06/22 17:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2009/03/12 22:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2008/12/30 02:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdm2.dll
    MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
    MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
    MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/23 05:06:14 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
    SRV - [2013/10/21 11:42:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/10/09 01:21:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/05/18 17:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - [2013/11/08 12:30:33 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
    DRV - [2013/10/21 11:42:07 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/10/21 11:42:07 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/10/21 11:42:07 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2013/10/21 11:42:07 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/10/21 11:42:07 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/10/21 11:42:07 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/10/21 11:42:07 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/10/02 00:42:59 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/04/26 16:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
    DRV - [2009/08/05 22:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/07 11:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2009/06/22 20:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/19 22:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {DFE1E408-501E-4BB4-B501-D2303CBFCA76}
    IE - HKLM\..\SearchScopes\{DFE1E408-501E-4BB4-B501-D2303CBFCA76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = My Yahoo
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKCU\..\SearchScopes\{2F49A4F6-40B6-42A6-8D97-5CC012F23010}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C4BB1D6A-CBA1-402B-A253-D99568E93F88&apn_sauid=2C95DF5E-46A7-47E9-906B-79053B3918BB
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{DFE1E408-501E-4BB4-B501-D2303CBFCA76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\30\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


    [2011/05/03 02:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - homepage: true
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: Google
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnpebemfdkffjcmpangoiagoadaomdd\1.4.4_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2010/09/05 12:59:48 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 74.208.105.171 gs.apple.com
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\828d879c-1346-46a4-a1a5-9a6f75e26c69.exe (AVAST Software)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKCU..\Run: [ccleaner] C:\Users\owner\Desktop\virus gadgets\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKCU..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun File not found
    O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
    O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Spotify] "C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: dhs.gov ([email.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([extranet.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([pass.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([tsaolc.tsa] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://games.bigfishgames.com/en_mys...esLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/en_big...GamePlayer.cab (Jolly Bear Games Player)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD62CAC-FB49-4916-891E-456DEEFCD4B2}: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3abc33e8-b42c-11e0-bf45-00266c376a5d}\Shell - "" = AutoRun
    O33 - MountPoints2\{3abc33e8-b42c-11e0-bf45-00266c376a5d}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/04 10:03:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/04 05:26:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013/12/03 13:00:28 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{74FEC9B1-07C1-432F-B9CE-7C05D8A1D27E}
    [2013/11/30 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{4A76B3A1-D240-4869-87F2-FF32BBC117FF}
    [2013/11/30 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{9F8DAB77-C53C-4322-AB66-F47CBFE4A1DC}
    [2013/11/30 04:41:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{C9FB0789-2A3D-4805-812F-8E4E1A72E9CB}
    [2013/11/29 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{54D75CDF-8E01-4B0C-A7FA-9F7C6A589699}
    [2013/11/29 01:22:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{52EC1180-0E4B-4E1C-A693-ACF0DE58BA4F}
    [2013/11/28 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{342A3A72-12CC-4B35-97FF-1E916A03FD88}
    [2013/11/28 12:32:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{20020B6D-4410-4A96-B676-37FF812014A8}
    [2013/11/27 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{56462CFD-D1F2-462A-8777-ABDEDA027795}
    [2013/11/26 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{1692F205-9F6A-4D44-92F1-0312456E5533}
    [2013/11/25 18:03:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{91B5C0E4-D35E-4100-97F8-2133095DBF0C}
    [2013/11/25 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{87B9E565-C884-4C93-8CE1-6D5BDEA03AF5}
    [2013/11/24 02:25:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{9467BD0A-FCEB-4B4F-8709-70414133E317}
    [2013/11/16 02:24:00 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{EF432A32-4636-443C-BF84-FB96D0AFBA9B}
    [2013/11/14 12:32:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
    [2013/11/14 12:32:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
    [2013/11/14 12:32:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
    [2013/11/14 12:32:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
    [2013/11/14 12:32:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
    [2013/11/14 12:32:17 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
    [2013/11/14 12:32:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
    [2013/11/14 12:32:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
    [2013/11/13 08:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/11/13 03:26:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
    [2013/11/13 03:26:11 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
    [2013/11/13 03:26:05 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
    [2013/11/13 03:26:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
    [2013/11/13 03:26:02 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
    [2013/11/13 03:26:02 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
    [2013/11/12 18:06:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{2E3D3E01-3D0A-4D5E-B0B6-B7F0BDD71FCE}
    [2013/11/09 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{A7D411E1-A198-4004-9242-9E5F074E6FB2}
    [2013/11/05 05:11:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Rumbic Studio
    [2013/11/04 13:33:05 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Fall 2013-2014 rotation items
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/04 10:09:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/04 09:19:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/12/04 00:26:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/12/03 16:48:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/03 16:48:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/03 16:40:27 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/03 16:40:04 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/03 13:04:10 | 000,624,412 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/12/03 13:04:10 | 000,106,756 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/11/11 05:50:18 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
    [2013/11/08 12:30:33 | 000,403,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswsp.sys
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/11 05:32:05 | 000,007,605 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
    [2013/03/02 08:58:33 | 000,178,304 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
    [2013/03/02 08:58:33 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2011/05/13 15:09:22 | 000,012,896 | -HS- | C] () -- C:\Users\owner\AppData\Local\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/05/13 15:09:22 | 000,012,896 | -HS- | C] () -- C:\ProgramData\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/02/07 03:06:55 | 000,000,264 | ---- | C] () -- C:\ProgramData\~s4qjuD53p
    [2011/02/07 03:06:55 | 000,000,144 | ---- | C] () -- C:\ProgramData\~s4qjuD53pr
    [2011/02/07 03:06:48 | 000,000,544 | ---- | C] () -- C:\ProgramData\s4qjuD53p
    [2010/10/16 21:55:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/11 06:51:17 | 000,000,283 | ---- | C] () -- C:\Users\owner\SciTE.session
    [2010/08/23 10:18:13 | 000,000,000 | ---- | C] () -- C:\Users\owner\jagex__preferences3.dat
    [2010/08/23 10:18:12 | 000,000,117 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences2.dat
    [2010/08/23 10:16:33 | 000,000,046 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences.dat
    [2009/12/25 14:59:29 | 000,000,892 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 362 bytes -> C:\ProgramData\TEMP:390B30B4
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BF6C81B2
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C7F08EA3
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B4F0E275
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E73E1C2
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4C8FA829
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:488F7244
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMPDF112BD
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EDDBC69E
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F89F2593
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3086B95F
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1234ADAE
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F5E8CAE0
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:18A6D2CC
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4C31986D
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2AE74FF9
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5241382
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54E4B5A
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C0BCE04B
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:762408BA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5CE91C67
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:162E346C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:94B46CA2
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:386B39C3
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9EE6560D
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:124B94C0
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:65AB2A58
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AECF4772
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041C0562
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C186F20B
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3595B780
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C22674B6
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:95198126

    < End of report >

    # AdwCleaner v3.014 - Report created 04/12/2013 at 10:04:08
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : owner - OWNER-PC
    # Running from : C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\owner\AppData\Local\Temp\Uninstall.exe
    File Found : C:\windows\Downloaded Program Files\popcaploader.inf
    Folder Found C:\Program Files\w3i
    Folder Found C:\ProgramData\Alawar Stargaze
    Folder Found C:\ProgramData\Ask
    Folder Found C:\ProgramData\boost_interprocess
    Folder Found C:\ProgramData\Partner
    Folder Found C:\ProgramData\w3i
    Folder Found C:\Users\owner\AppData\Local\apn
    Folder Found C:\Users\owner\AppData\Local\visi_coupon
    Folder Found C:\Users\owner\AppData\Roaming\quickclick

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\pc optimizer pro
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Found : HKLM\Software\PIP
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Mozilla Firefox v

    [ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kkslx0p8.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8116 octets] - [04/12/2013 10:04:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8176 octets] ##########

  5. #5
    Member
    Join Date
    Apr 2009
    Posts
    10
    Points
    0

    Default To Donna with results of requested information.

    OTL logfile created on: 12/4/2013 10:07:09 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop\virus gadgets
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 43.60% Memory free
    5.74 Gb Paging File | 4.25 Gb Available in Paging File | 74.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.62 Gb Total Space | 228.47 Gb Free Space | 79.16% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/04 10:06:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\virus gadgets\OTL.exe
    PRC - [2013/12/04 10:03:22 | 001,110,034 | ---- | M] () -- C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    PRC - [2013/10/29 14:56:46 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
    PRC - [2013/10/21 11:42:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/10/08 15:27:14 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    PRC - [2013/08/07 01:38:12 | 000,217,880 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/11 12:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    PRC - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/18 15:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
    PRC - [2009/08/11 19:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
    PRC - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    PRC - [2009/08/06 20:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    PRC - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    PRC - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/05 17:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/05 17:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/08/03 20:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 17:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/04 10:03:22 | 001,110,034 | ---- | M] () -- C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    MOD - [2013/10/21 11:42:06 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2013/10/10 14:32:35 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
    MOD - [2013/10/10 14:31:23 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
    MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2013/08/15 11:43:43 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 11:42:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/15 11:40:16 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/15 11:39:42 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/13 11:38:59 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2012/01/26 19:27:40 | 000,052,224 | ---- | M] () -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/12/18 12:53:07 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/01/26 13:47:02 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/08/03 20:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    MOD - [2009/07/29 18:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2009/07/25 13:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    MOD - [2009/07/16 18:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    MOD - [2009/07/16 18:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/07/08 20:03:02 | 000,058,368 | ---- | M] () -- C:\Windows\System32\bdmpega.acm
    MOD - [2009/06/22 17:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2009/03/12 22:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2008/12/30 02:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdm2.dll
    MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
    MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
    MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/23 05:06:14 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
    SRV - [2013/10/21 11:42:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/10/09 01:21:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/05/18 17:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/24 11:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - [2013/11/08 12:30:33 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
    DRV - [2013/10/21 11:42:07 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/10/21 11:42:07 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/10/21 11:42:07 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2013/10/21 11:42:07 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/10/21 11:42:07 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/10/21 11:42:07 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/10/21 11:42:07 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/10/02 00:42:59 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/04/26 16:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
    DRV - [2009/08/05 22:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/07 11:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2009/06/22 20:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/19 22:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {DFE1E408-501E-4BB4-B501-D2303CBFCA76}
    IE - HKLM\..\SearchScopes\{DFE1E408-501E-4BB4-B501-D2303CBFCA76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = My Yahoo
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKCU\..\SearchScopes\{2F49A4F6-40B6-42A6-8D97-5CC012F23010}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C4BB1D6A-CBA1-402B-A253-D99568E93F88&apn_sauid=2C95DF5E-46A7-47E9-906B-79053B3918BB
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{DFE1E408-501E-4BB4-B501-D2303CBFCA76}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\30\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


    [2011/05/03 02:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - homepage: true
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: Google
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnpebemfdkffjcmpangoiagoadaomdd\1.4.4_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2010/09/05 12:59:48 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 74.208.105.171 gs.apple.com
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\828d879c-1346-46a4-a1a5-9a6f75e26c69.exe (AVAST Software)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKCU..\Run: [ccleaner] C:\Users\owner\Desktop\virus gadgets\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKCU..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun File not found
    O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
    O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Spotify] "C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: dhs.gov ([email.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([extranet.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([pass.tsa] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dhs.gov ([tsaolc.tsa] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://games.bigfishgames.com/en_mys...esLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/en_big...GamePlayer.cab (Jolly Bear Games Player)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD62CAC-FB49-4916-891E-456DEEFCD4B2}: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3abc33e8-b42c-11e0-bf45-00266c376a5d}\Shell - "" = AutoRun
    O33 - MountPoints2\{3abc33e8-b42c-11e0-bf45-00266c376a5d}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/04 10:03:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/04 05:26:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013/12/03 13:00:28 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{74FEC9B1-07C1-432F-B9CE-7C05D8A1D27E}
    [2013/11/30 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{4A76B3A1-D240-4869-87F2-FF32BBC117FF}
    [2013/11/30 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{9F8DAB77-C53C-4322-AB66-F47CBFE4A1DC}
    [2013/11/30 04:41:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{C9FB0789-2A3D-4805-812F-8E4E1A72E9CB}
    [2013/11/29 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{54D75CDF-8E01-4B0C-A7FA-9F7C6A589699}
    [2013/11/29 01:22:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{52EC1180-0E4B-4E1C-A693-ACF0DE58BA4F}
    [2013/11/28 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{342A3A72-12CC-4B35-97FF-1E916A03FD88}
    [2013/11/28 12:32:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{20020B6D-4410-4A96-B676-37FF812014A8}
    [2013/11/27 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{56462CFD-D1F2-462A-8777-ABDEDA027795}
    [2013/11/26 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{1692F205-9F6A-4D44-92F1-0312456E5533}
    [2013/11/25 18:03:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{91B5C0E4-D35E-4100-97F8-2133095DBF0C}
    [2013/11/25 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{87B9E565-C884-4C93-8CE1-6D5BDEA03AF5}
    [2013/11/24 02:25:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{9467BD0A-FCEB-4B4F-8709-70414133E317}
    [2013/11/16 02:24:00 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{EF432A32-4636-443C-BF84-FB96D0AFBA9B}
    [2013/11/14 12:32:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
    [2013/11/14 12:32:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
    [2013/11/14 12:32:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
    [2013/11/14 12:32:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
    [2013/11/14 12:32:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
    [2013/11/14 12:32:17 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
    [2013/11/14 12:32:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
    [2013/11/14 12:32:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
    [2013/11/13 08:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/11/13 03:26:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
    [2013/11/13 03:26:11 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
    [2013/11/13 03:26:05 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
    [2013/11/13 03:26:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
    [2013/11/13 03:26:02 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
    [2013/11/13 03:26:02 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
    [2013/11/12 18:06:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{2E3D3E01-3D0A-4D5E-B0B6-B7F0BDD71FCE}
    [2013/11/09 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{A7D411E1-A198-4004-9242-9E5F074E6FB2}
    [2013/11/05 05:11:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Rumbic Studio
    [2013/11/04 13:33:05 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Fall 2013-2014 rotation items
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/04 10:09:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/04 09:19:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/12/04 00:26:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/12/03 16:48:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/03 16:48:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/03 16:40:27 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/03 16:40:04 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/03 13:04:10 | 000,624,412 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/12/03 13:04:10 | 000,106,756 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/11/11 05:50:18 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
    [2013/11/08 12:30:33 | 000,403,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswsp.sys
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/11 05:32:05 | 000,007,605 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
    [2013/03/02 08:58:33 | 000,178,304 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
    [2013/03/02 08:58:33 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2011/05/13 15:09:22 | 000,012,896 | -HS- | C] () -- C:\Users\owner\AppData\Local\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/05/13 15:09:22 | 000,012,896 | -HS- | C] () -- C:\ProgramData\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/02/07 03:06:55 | 000,000,264 | ---- | C] () -- C:\ProgramData\~s4qjuD53p
    [2011/02/07 03:06:55 | 000,000,144 | ---- | C] () -- C:\ProgramData\~s4qjuD53pr
    [2011/02/07 03:06:48 | 000,000,544 | ---- | C] () -- C:\ProgramData\s4qjuD53p
    [2010/10/16 21:55:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/11 06:51:17 | 000,000,283 | ---- | C] () -- C:\Users\owner\SciTE.session
    [2010/08/23 10:18:13 | 000,000,000 | ---- | C] () -- C:\Users\owner\jagex__preferences3.dat
    [2010/08/23 10:18:12 | 000,000,117 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences2.dat
    [2010/08/23 10:16:33 | 000,000,046 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences.dat
    [2009/12/25 14:59:29 | 000,000,892 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 362 bytes -> C:\ProgramData\TEMP:390B30B4
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BF6C81B2
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C7F08EA3
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B4F0E275
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E73E1C2
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4C8FA829
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:488F7244
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMPDF112BD
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EDDBC69E
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F89F2593
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3086B95F
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1234ADAE
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F5E8CAE0
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:18A6D2CC
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4C31986D
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2AE74FF9
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5241382
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54E4B5A
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C0BCE04B
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:762408BA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5CE91C67
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:162E346C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:94B46CA2
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:386B39C3
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9EE6560D
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:124B94C0
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:65AB2A58
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AECF4772
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041C0562
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C186F20B
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3595B780
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C22674B6
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:95198126

    < End of report >

    # AdwCleaner v3.014 - Report created 04/12/2013 at 10:04:08
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : owner - OWNER-PC
    # Running from : C:\Users\owner\Desktop\virus gadgets\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\owner\AppData\Local\Temp\Uninstall.exe
    File Found : C:\windows\Downloaded Program Files\popcaploader.inf
    Folder Found C:\Program Files\w3i
    Folder Found C:\ProgramData\Alawar Stargaze
    Folder Found C:\ProgramData\Ask
    Folder Found C:\ProgramData\boost_interprocess
    Folder Found C:\ProgramData\Partner
    Folder Found C:\ProgramData\w3i
    Folder Found C:\Users\owner\AppData\Local\apn
    Folder Found C:\Users\owner\AppData\Local\visi_coupon
    Folder Found C:\Users\owner\AppData\Roaming\quickclick

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\pc optimizer pro
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Found : HKLM\Software\PIP
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Mozilla Firefox v

    [ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kkslx0p8.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8116 octets] - [04/12/2013 10:04:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8176 octets] ##########

  6. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi debwilley,

    Thank you for the logs.

    Please do the following:


    Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Also, OTL should have generated an Extras.txt log. See if it on your desktop and post that in your next reply. If you can not find it, click on your Start and type Extras.txt into your Start Search field.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  7. #7
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi debwilley,

    Do you still require help?

    If so, please follow the instructions above and post the log requested.

    If no further help is needed, please let us know and we will close this topic for you.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Due to lack of feedback, this topic will be closed.

    If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"