System Check on Vista

By MagestiQ
Jan 21, 2012
  1. I have a System check problem...


    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.21.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Odie :: ODIE-LAPTOP [administrator]

    Protection: Enabled

    1/21/2012 12:20:23 PM
    mbam-log-2012-01-21 (12-20-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 186078
    Time elapsed: 33 minute(s), 45 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> 4252 -> Delete on reboot.
    C:\ProgramData\evfA91U0AmKF44.exe (Rogue.FakeAlert) -> 4748 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\iftoHJPGIwnKMJR.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7I7U7W7YYVZB6JYUPHDDJXIRUACPNMN (Trojan.SpyEyes) -> Data: C:\Ex.CleanI\8948CD57A1A.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 1
    C:\Ex.CleanI (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Detected: 8
    C:\ProgramData\iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\ProgramData\evfA91U0AmKF44.exe (Rogue.FakeAlert) -> Delete on reboot.
    C:\$RECYCLE.BIN\S-1-5-21-1235594767-156515733-2245494932-1000\$R13N5TS.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
    C:\$RECYCLE.BIN\S-1-5-21-1235594767-156515733-2245494932-1000\$RJXVQW0.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
    C:\$RECYCLE.BIN\S-1-5-21-1235594767-156515733-2245494932-1000\$R30Z18R.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
    C:\Users\Odie\AppData\Local\MicrosoftNT\winserver.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
    C:\Users\Odie\Downloads\EpicPlaySetup.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Ex.CleanI\8948CD57A1A.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-21 14:17:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
    Running: ycow72iq.exe; Driver: C:\Users\Odie\AppData\Local\Temp\pxdirpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\tdx \Device\Ip [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]
    Device \Driver\tdx \Device\Tcp [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]
    Device \Driver\tdx \Device\Udp [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]
    Device \Driver\tdx \Device\RawIp [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  2. MagestiQ


    DDS and Attach

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
    Run by Odie at 14:23:45 on 2012-01-21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1801 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\WTouch\WTouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
    C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\NetZero\exec.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN19Q1R22Q05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
    mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
    mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [HostManager] c:\program files\common files\aol\1231115655\ee\AOLSoftware.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Skytel] Skytel.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
    IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    Trusted Zone: myspace.com\home
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{3ACDFDF8-2820-462C-91D7-FEA3C4FE6F98} : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{FF760607-1879-4406-AC47-128752A558DA} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\odie\appdata\roaming\mozilla\firefox\profiles\oxz58ce6.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-27 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-27 27784]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-27 297752]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-21 652872]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-11-24 4497704]
    R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2011-11-24 113448]
    R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-3 17296]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-21 20464]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
    R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2011-11-24 13480]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-3-26 13312]
    S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-24 16168]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-3-9 11520]
    .
    =============== Created Last 30 ================
    .
    2012-01-21 18:18:31 -------- d-----w- c:\users\odie\appdata\roaming\Malwarebytes
    2012-01-21 18:17:44 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-21 18:17:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-21 18:17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-15 17:58:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2012-01-15 17:58:40 471552 ----a-w- c:\windows\system32\secproc.dll
    2012-01-15 17:58:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2012-01-15 17:58:18 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2012-01-15 17:58:16 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2012-01-15 17:58:15 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2012-01-15 17:58:14 332288 ----a-w- c:\windows\system32\msdrm.dll
    2012-01-15 17:58:14 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2012-01-15 17:58:14 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2012-01-15 17:32:49 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
    2012-01-15 17:32:48 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2012-01-15 05:39:01 -------- d--h--w- c:\users\odie\appdata\local\MicrosoftNT
    2012-01-15 03:12:28 -------- d-----w- c:\windows\PCHEALTH
    2012-01-15 03:08:07 -------- d-----w- c:\program files\Microsoft Analysis Services
    2012-01-15 03:07:16 -------- d--h--w- c:\users\odie\appdata\local\Microsoft Help
    2012-01-11 23:44:53 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-11 23:44:53 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-11 23:44:53 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-11 23:44:52 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-11 23:44:52 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-11 23:44:52 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-11 01:37:45 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 01:37:45 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 01:37:44 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 01:37:42 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 01:37:42 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 01:37:40 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 01:37:40 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-01 05:07:47 -------- d--h--w- c:\users\odie\appdata\roaming\HpUpdate
    2012-01-01 05:07:40 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
    2012-01-01 05:03:37 -------- d-----w- c:\program files\HP
    2012-01-01 05:02:57 -------- d--h--w- c:\users\odie\appdata\local\HP
    .
    ==================== Find3M ====================
    .
    2012-01-15 05:42:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ============= FINISH: 14:24:43.51 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/24/2008 4:09:37 PM
    System Uptime: 1/21/2012 1:57:28 PM (1 hours ago)
    .
    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 800/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 231 GiB total, 150.305 GiB free.
    D: is CDROM (UDF)
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Add or Remove Adobe Creative Suite 3 Design Standard
    Adobe Acrobat 8 Professional
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Standard
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Amazon Links
    AOL Coach Version 1.0(Build:20020823.1)
    AOL Mail and AIM Gadget
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    AVG Free 8.5
    Bamboo
    Bluetooth Stack for Windows by Toshiba
    Cabela's Big Game Hunter 2005 Adventures
    Camera Assistant Software for Toshiba
    Canon CanoScan LiDE 100 User Registration
    Canon MP Navigator EX 2.0
    Canon Utilities Solution Menu
    CanoScan LiDE 100 Scanner Driver
    CD/DVD Drive Acoustic Silencer
    CDDRV_Installer
    CyberLink PowerCinema for TOSHIBA
    Definition update for Microsoft Office 2010 (KB982726)
    Deluxe MM Bible
    Download Updater (AOL LLC)
    DVD MovieFactory for TOSHIBA
    EasyTether
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Officejet Pro 8600 Product Improvement Study
    HP Update
    I.R.I.S. OCR
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    KhalInstallWrapper
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Mozilla Firefox 4.0 (x86 en-US)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetZero Internet
    NetZero Internet Access Installer
    OpenOffice.org 3.0
    PDF Settings
    Picasa 2
    PMB
    QuickBooks Financial Center
    QuickTime
    RealPlayer Basic
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    RTC Client API v1.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Synaptics Pointing Device Driver
    TOSHIBA Application Disc Creator
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Desktop Links
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA PowerCinema Helper
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Service Station
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Uninstall AOL Emergency Connect Utility 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Viewpoint Media Player
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WildTangent Games
    Windows Media Encoder 9 Series
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/21/2012 2:01:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    1/21/2012 1:59:21 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 1753. The printer cannot be used by others on the network.
    1/21/2012 1:59:20 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro 8600 (Network) with shared resource name HP Officejet Pro 8600 (Network). Error 1753. The printer cannot be used by others on the network.
    1/21/2012 1:59:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/21/2012 1:59:07 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/21/2012 1:59:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/21/2012 1:58:44 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel ArcSoft-PhotoStudio-EventLog/Debug. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
    1/21/2012 1:58:40 PM, Error: EventLog [6008] - The previous system shutdown at 1:48:23 PM on 1/21/2012 was unexpected.
    1/21/2012 1:07:58 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro 8600 (Network) with shared resource name HP Officejet Pro 8600 (Network). Error 2114. The printer cannot be used by others on the network.
    1/21/2012 1:07:58 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 2114. The printer cannot be used by others on the network.
    1/15/2012 8:43:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 spldr Wanarpv6
    1/15/2012 8:43:31 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 8:42:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/15/2012 8:42:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/15/2012 8:42:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/15/2012 8:42:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/15/2012 8:42:30 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    1/15/2012 8:42:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/15/2012 8:42:05 AM, Error: EventLog [6008] - The previous system shutdown at 8:40:37 AM on 1/15/2012 was unexpected.
    1/14/2012 9:24:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/14/2012 9:24:59 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2012 9:17:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
  3. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    I do appreciate any and all help... thanks in advance.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll be glad to help.

    But I could do a better job of helping if I knew what was happening! There are several very active rogue malware programs. There are some similar symptoms, some different and the fix for each is different.

    IF you have System Check malware, you might be experiencing some or all of the following:
    Note: You may not experience all of the above, but it is important to tell me what problems you do have.
    ========================================
    Warning about Trojan.SpyEye
    There were several entries infected with this malware.
    I notice you have Quick Books on the system. Most likely you do some online banking with it. I strongly advise you to carefully monitor any financial transaction that you have online. Although the entries may have been removed, there is no way to confirm that the system hasn't been compromised. You should change all of your passwords, but understand if the information has already been accessed, this won't be of much help.
    -------------------------------
    1. You have no System Restore points.
    2. You have several outdated versions of programs on the system that are all vulnerabilities:
    Adobe Reader 8.1.2
    Java(TM) 6 Update 26
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Mozilla Firefox 4.0 (x86 en-US)
    You should verify that AVG Free 8.5 is still being supported.
    3. The Install Date is 10/24/2008. Although SP2 is on the system, there are no Windows Security updates.
    4. Several infected entries that were removed are still in the Recycle Bin. Please empty it.
    ========================================
    I'm going to have you run Combofix. It will help to define the most prevalent rogue. Please understand that although entries can be removed, deleted or quarantined, I cannot assure you that the system has not already been compromised.
    -----------------------------
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================
    After I review the Combofix log, I will know better whether to try and continue or to recommend that you do a reformat and reinstall instead.
  5. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Yes... I am seeing the error messages and my desktop is vacant, as well as my start bar and menu. I have had some issues with new tabs opening on their own. Once I ran Malwarebytes... AVG reported that I had a virus known as JS/Redir.

    I am currently running through the steps you requested and will post logs as soon as they are finished.
  6. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Well it has been scanning for more than 30 min... should I just kill it and try running from safe mode?
  7. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Well I guess it is a no go for a Combofix scan tonight.... I did try to run it in safe mode and it still hangs up at the scanning process. I'm shutting it down for tonight... I'll be back tomorrow.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please use the Edit function when you want to add a few words. I get an email for every post you make.

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    -------------------------------------
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 3 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    Once you've gotten one of them to run
    • immediately double click on friday.exe to run
    • If normal mode still doesn't work, run BOTH tools from safe mode.

    If you have done #2, please post BOTH logs, rKill and Combofix.
    ======================================
    If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
    ============================================
    See below. Do this if needed: Press Windows+R key> type cmd> OK

    1. If your task manager is disabled, copy and run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
    Press Enter

    2. If your desktop is blank and you are unable to right click on it, run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
    Press Enter
    ==============================
    Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
    --------------------------
    The following can be run first to allow you to 'see' the programs, files, etc. But it is important that you understand that this does not remove the malware, only the attribute to hide these features. So it is important that you continue with the cleaning:
    1. Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
    ================================
    2. Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
    =======================================
    3. To end the processes that belong to the rogue program:
    Please click on RKill
    • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
    • Double click on the iExplore.exe icon
    • Please be patient- it may take a bit.
    • The black Window will close when through and you can continue.
    Note: If you get a message that RKill is malware, ignore it> it's from the malware.
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    4. This malware frequently comes with the TDSS rootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
      Save log and post in next reply.
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
    ====================================
    5. Update and rescan with Malwarebytes:
    • Select Perform Full Scan on the Scanner tab
    • Click on the Scan button.
    • When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================
    6. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =====================================
    7. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    ====================================
    You can now reboot back into Normal Mode.

    Please leave all logs in next reply.
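
The two policy resets from the post above (DisableTaskMgr and NoDesktop), as an added example that is not part of the original post: a batch script that checks whether each value is set, exports the key to a backup file, and only then deletes the value. The backup folder name, the backup file names and the `:reset` label are assumptions made for this example.

```bat
@echo off
rem Added example: audit and reset the two HKCU policy values named in the post.
setlocal EnableExtensions

set "POLICIES=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"

rem Assumption: backups go to a folder on the current user's desktop.
set "BACKUP=%USERPROFILE%\Desktop\policy-backup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

call :reset "%POLICIES%\System"   DisableTaskMgr system-policies.reg
call :reset "%POLICIES%\Explorer" NoDesktop      explorer-policies.reg
endlocal
exit /b 0

:reset
rem %~1 = registry key, %2 = value name, %3 = backup file name
rem reg query returns a non-zero errorlevel when the value does not exist.
reg query "%~1" /v %2 >nul 2>&1
if errorlevel 1 (
    echo [clean] %2 is not set under %~1
    exit /b 0
)

echo [found] %2 is set:
reg query "%~1" /v %2

rem Keep a copy of the whole key so the change can be reviewed or undone.
reg export "%~1" "%BACKUP%\%3" /y >nul
if errorlevel 1 (
    echo [skip]  could not back up %~1, leaving %2 in place
    exit /b 1
)

rem /f suppresses the confirmation prompt that "Echo y |" answers in the post.
reg delete "%~1" /v %2 /f
exit /b %errorlevel%
```

Save it as a .cmd file and run it from the cmd window opened with Windows+R; the exported .reg files record what each key held before the value was removed.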
  9. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Well I have spent all afternoon and night trying to get combofix to scan...I have tried everything that you said.... I was unclear whether to run rkill both before exehelper and again before combofix (or just run it once).... so I tried it both ways. I also tried uninstalling combofix and downloading a fresh one with a new name. No go. There were a few times that I tried to run combofix and right away it said that I needed administrator privileges to access these commands... but then it went straight on into trying to scan (which is where it stalls every time without fail).

    New information.....

    When I run rkill I get some pop ups... one that says that my recycle bin is corrupt: would I like to empty it... and the other is a window that tells me what Safe mode is, like a windows help screen. I have had the one about the recycle bin pop up when I first start up in normal mode and again when I run rkill.

    Also, neither Firefox nor Internet Explorer will pull up a web page. I checked and the option for no proxy is marked.

    I don't know what is running that might be interfering with combofix...(I'm referring to antivirus/malware) We uninstalled AVG and I turned off Avast and Malwarebytes. I checked the processes that were running and the ones that I recognized were not security programs (a little easier in Safe Mode where the options are fewer).

    I don't know what I am doing wrong... aggravated and sleepy... I'll be back tomorrow evening, I hope that you have some magic up your sleeves.

    Also, would TDSSrootkit cause some of the problems that I'm having? I didn't continue with your instructions because I understood them to be in a certain order... should I try them and then come back to Combofix?

    Thanks again.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Best bet is malware!
    This is the order:
    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.> if this won't work, go to #2
    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    3. D/L and run RKill
    Do not reboot
    4. Then D/L, save and run exeHelper
    5. Now try running the Combofix named friday.exe
    6. If Combofix still won't run, boot into Safe Mode> rerun RKill & exeHelper
    7. Then try Combofix again, while still in Safe Mode.
    If still no scan, stop. Go on to the 7 steps I left, beginning with Unhide.
  11. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Well I re-traced my steps... started over (once again... no scan with combofix). I continued on with your instructions... didn't get unhide to finish, and tdsskiller didn't find any threats. Malwarebytes found one threat, so I tried to run rkill, exehelper and combofix again with no success.

    Malwarebytes log

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.21.02

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.19170
    Odie :: ODIE-LAPTOP [administrator]

    Protection: Disabled

    1/24/2012 8:54:14 PM
    mbam-log-2012-01-24 (20-54-14).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 367971
    Time elapsed: 52 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Odie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\434fb426-33eac773 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    (end)




    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/24/2012 at 21:53:46.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 01/24/2012 at 21:53:54.




    exeHelper by Raktor
    Build 20100414
    Run at 14:03:16 on 01/22/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 18:36:57 on 01/22/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 19:22:07 on 01/22/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 21:46:56 on 01/22/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 19:12:09 on 01/24/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20100414
    Run at 21:54:34 on 01/24/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The process in Mbam is in the Java cache: This is usually because there is an outdated version of Java on the system:

    Make sure the only version of Java is v6u30. If needed> Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
    ----------------------------------------
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ===================================
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this:
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    Logs in next reply please: 2 from OTL.
    ==================================
    FYI: A lot of users are diagnosing their problem as System Check. There are several rogue malware programs currently that have some of the same or similar symptoms. But the 'fixes' are different so it's important for you to tell me specifically what problems you're having.
  13. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Well as far as symptoms go... I had the same messages pop up telling me that I had all kinds of drive problems that I read from other posts. At the time that I first posted this thread I still had access to the internet on the infected computer. Not any more... the connection just keeps saying "Identifying" and it won't actually connect to the internet. I keep getting pop ups that say "The recycle bin is corrupt. Would you like to empty its contents?" This popup only shows itself... 1. when the computer boots up 2. when I run rkill and again when I run combofix. It changed my desktop and hid some of my menu items but I've since got them back... thanks to you.

    Also, I uninstalled two of the older versions of Java... tried to update which of course didn't work. I also tried to clear out the cache... but I don't think that it worked.

    Here is OTL


    OTL logfile created on: 1/27/2012 9:35:37 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Odie\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 60.86% Memory free
    5.94 Gb Paging File | 4.92 Gb Available in Paging File | 82.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 231.42 Gb Total Space | 155.33 Gb Free Space | 67.12% Space Free | Partition Type: NTFS
    Drive D: | 2.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 1.91 Gb Total Space | 1.89 Gb Free Space | 98.77% Space Free | Partition Type: FAT

    Computer Name: ODIE-LAPTOP | User Name: Odie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Odie\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
    PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
    PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
    PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
    PRC - C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
    PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
    PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
    PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll ()
    MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
    MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
    MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
    MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
    MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
    MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
    SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
    SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (easytether) -- C:\Windows\System32\drivers\easytthr.sys (Mobile Stream)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/21 22:08:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 07:07:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/03/26 15:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Odie\AppData\Roaming\Mozilla\Extensions
    [2011/09/24 16:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/06 19:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/05/06 19:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/09/24 16:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/01/21 22:08:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/05/02 06:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
    O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
    O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: myspace.com ([home] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACDFDF8-2820-462C-91D7-FEA3C4FE6F98}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF760607-1879-4406-AC47-128752A558DA}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
    [2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
    [2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
    [2012/01/24 21:55:19 | 000,000,000 | --SD | C] -- C:\Aron24187A
    [2012/01/22 21:48:35 | 000,000,000 | --SD | C] -- C:\Aron7362A
    [2012/01/22 19:22:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/22 19:22:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/22 19:22:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/22 19:22:50 | 000,000,000 | --SD | C] -- C:\Aron
    [2012/01/22 19:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/22 19:19:17 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
    [2012/01/22 18:37:41 | 000,000,000 | --SD | C] -- C:\Friday21376F
    [2012/01/22 15:01:18 | 000,000,000 | --SD | C] -- C:\Friday
    [2012/01/21 22:23:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/21 22:09:41 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/01/21 22:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/01/21 22:09:40 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/01/21 22:09:39 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/01/21 22:09:39 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/01/21 22:09:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/01/21 22:09:37 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/01/21 22:08:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/01/21 22:08:47 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/21 21:37:21 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
    [2012/01/21 14:23:45 | 000,000,000 | R--D | C] -- C:\Users\Odie\Videos
    [2012/01/21 14:23:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
    [2012/01/21 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Malwarebytes
    [2012/01/21 12:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/21 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/21 12:17:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/21 12:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/21 12:16:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/14 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/14 23:39:01 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\MicrosoftNT
    [2012/01/14 21:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2012/01/14 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2012/01/14 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\Microsoft Help
    [2012/01/14 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/01/14 21:06:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2011/12/31 23:07:47 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\HpUpdate
    [2011/12/31 23:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2011/12/31 23:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2011/12/31 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2011/12/31 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\HP
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/27 21:19:07 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/27 21:19:07 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/27 21:10:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/27 21:10:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/27 21:10:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/27 21:10:04 | 3082,813,440 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/27 21:10:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
    [2012/01/27 21:09:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
    [2012/01/27 21:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
    [2012/01/27 21:00:26 | 001,749,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/01/27 20:59:33 | 376,581,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/24 20:07:52 | 002,039,456 | ---- | M] () -- C:\Users\Odie\Desktop\tdsskiller.zip
    [2012/01/24 20:07:24 | 000,684,297 | ---- | M] () -- C:\Users\Odie\Desktop\unhide.exe
    [2012/01/22 19:19:16 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
    [2012/01/22 13:57:00 | 000,294,400 | ---- | M] () -- C:\Users\Odie\Desktop\exeHelper.com
    [2012/01/22 13:53:40 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.exe
    [2012/01/22 13:51:28 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.scr
    [2012/01/22 13:50:14 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.com
    [2012/01/21 22:09:41 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/21 22:09:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/01/21 22:06:34 | 064,207,032 | ---- | M] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
    [2012/01/21 21:38:10 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
    [2012/01/21 14:21:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
    [2012/01/21 13:03:16 | 000,302,592 | ---- | M] () -- C:\Users\Odie\Desktop\ycow72iq.exe
    [2012/01/21 12:17:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/21 12:06:06 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/15 08:44:35 | 000,001,356 | ---- | M] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
    [2012/01/15 08:31:24 | 000,000,640 | ---- | M] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/15 07:13:25 | 000,000,464 | ---- | M] () -- C:\ProgramData\evfA91U0AmKF44
    [2012/01/15 07:11:38 | 000,000,280 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44
    [2012/01/14 23:44:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44r
    [2012/01/14 23:44:21 | 000,000,616 | ---- | M] () -- C:\Users\Odie\Desktop\System Check.lnk
    [2012/01/14 23:14:57 | 000,001,765 | ---- | M] () -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
    [2012/01/03 08:19:34 | 000,002,601 | ---- | M] () -- C:\Users\Odie\Desktop\Big Game Hunter 2005 Adventures.lnk
    [2011/12/31 23:03:31 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/27 21:10:04 | 3082,813,440 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/24 20:09:27 | 000,684,297 | ---- | C] () -- C:\Users\Odie\Desktop\unhide.exe
    [2012/01/24 20:09:21 | 002,039,456 | ---- | C] () -- C:\Users\Odie\Desktop\tdsskiller.zip
    [2012/01/22 19:22:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/22 19:22:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/22 19:22:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/22 19:22:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/22 19:22:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/22 13:56:57 | 000,294,400 | ---- | C] () -- C:\Users\Odie\Desktop\exeHelper.com
    [2012/01/22 13:53:21 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.exe
    [2012/01/22 13:51:05 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.scr
    [2012/01/22 13:49:48 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.com
    [2012/01/21 22:09:41 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/21 22:03:43 | 064,207,032 | ---- | C] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
    [2012/01/21 14:03:46 | 000,302,592 | ---- | C] () -- C:\Users\Odie\Desktop\ycow72iq.exe
    [2012/01/21 12:17:48 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/15 08:31:24 | 000,000,640 | ---- | C] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/14 23:44:25 | 000,000,176 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44r
    [2012/01/14 23:44:24 | 000,000,280 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44
    [2012/01/14 23:44:21 | 000,000,616 | ---- | C] () -- C:\Users\Odie\Desktop\System Check.lnk
    [2012/01/14 23:44:19 | 000,000,464 | ---- | C] () -- C:\ProgramData\evfA91U0AmKF44
    [2011/12/31 23:16:09 | 000,001,765 | ---- | C] () -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
    [2011/12/31 23:08:10 | 000,000,767 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2011/12/31 23:03:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/04/24 19:30:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/04/24 19:30:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/24 19:29:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/10/08 21:40:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2009/12/27 18:36:49 | 000,001,356 | ---- | C] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
    [2009/03/27 19:58:04 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2009/01/01 22:01:21 | 000,000,026 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/01/01 22:01:19 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
    [2009/01/01 21:25:20 | 000,000,866 | ---- | C] () -- C:\Windows\aolback.exe.lnk
    [2008/12/31 22:03:11 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/12/27 12:54:46 | 000,000,082 | ---- | C] () -- C:\Windows\cosmimmbible.ini
    [2008/12/23 18:15:46 | 000,011,264 | ---- | C] () -- C:\Users\Odie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/23 17:31:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/12/23 17:31:30 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/10/24 15:55:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2008/10/24 15:55:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2008/10/24 15:55:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2008/10/24 15:55:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
    [2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
    [2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2008/08/14 13:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/08/14 13:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/08/14 13:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/08/14 13:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/08/14 13:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/08/14 13:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
    [2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 001,749,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2010/01/01 11:37:39 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\Canon
    [2009/01/06 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\OpenOffice.org
    [2009/03/29 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\TOSHIBA
    [2008/12/25 10:39:05 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WildTangent
    [2011/04/24 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WinBatch
    [2011/11/24 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WTouch
    [2012/01/24 20:46:06 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB2440$] -> -> Unknown point type

    < End of report >
  14. MagestiQ

    Extras


    OTL Extras logfile created on: 1/27/2012 9:35:37 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Odie\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 60.86% Memory free
    5.94 Gb Paging File | 4.92 Gb Available in Paging File | 82.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 231.42 Gb Total Space | 155.33 Gb Free Space | 67.12% Space Free | Partition Type: NTFS
    Drive D: | 2.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 1.91 Gb Total Space | 1.89 Gb Free Space | 98.77% Space Free | Partition Type: FAT

    Computer Name: ODIE-LAPTOP | User Name: Odie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00DEC55B-5EAB-419A-81C4-B1F4F57EA02B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1A1C106A-2A91-4CA1-BF69-81A1FABE7E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{23A8C00C-4BC4-4670-9BD0-E4452AB1C7AF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{240C0C7B-3BC6-4048-BD55-1AA084ADEFC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{243B0568-90D0-43E4-BBA8-02966630655C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2C77EAFF-3C45-4FA4-BDF8-6B2BDFD5530C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{316015BA-EF1A-4E01-853E-CF8F3023B496}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{38AF72CA-E4AB-4D0C-92D9-B5D7D3DF032F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4B855171-75C1-4709-A14C-7C0967405264}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4EA811AA-E170-4D5E-99B7-603FC42816EE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5848BE5A-EDC5-4350-B3AA-4101B5D008E1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6FEFB116-9DA6-41DA-A3D1-7B38CACCBF82}" = rport=445 | protocol=6 | dir=out | app=system |
    "{7AC9E285-2C4C-4CB6-8E82-684D63596702}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8D87805C-7335-4B96-86CF-D4E9EE5539AA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A198A307-E099-4D98-AAF1-9A1A4E2FED3E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A63BE048-FDDA-44BF-B131-F752173D94A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AA8E5642-C915-4FBA-8194-50DC13F001D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C305FB02-BC0A-4B00-9FF9-A5C2FA6689A0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C70A1B84-792C-4A37-87F2-01A3993D48E7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CAD3F985-4882-488D-B618-58326BE972EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CD4EC810-7F64-4B85-B1C8-4506AFA9341D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D9DF645B-9C8F-45A6-8493-FA6DB626E86E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DADCE471-DD25-4060-BAC9-B5CED3F3BA6B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{DB416C69-11E8-4B1D-A225-1E256D7C6763}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{EDC77788-0C4E-405E-A3D3-0C8488440817}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F2D978B7-C1A5-4FC0-BB38-BC29DB3AD499}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F2FA51FA-E82A-4FDB-8AAC-EB0D0994AF04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06968977-1F0D-424D-AF99-C26FE6E092DD}" = protocol=17 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
    "{07FB08DD-C791-440C-9509-1CFED82F0514}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1231115655\ee\aolsoftware.exe |
    "{09B4A36F-378B-4103-8749-232DA98F40B4}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
    "{0D6D2E46-B900-470A-BAF1-B09DCC2CCCD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0F0525D5-F6DA-4CE9-B939-96DA7379003F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0FFD44DC-3BFE-4494-843B-316BBC3DA249}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
    "{187984C9-5597-4B44-B390-F84BA80A5659}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{19B80962-D2B7-4047-A5D1-352865D490EF}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
    "{1ABA7C2E-7489-4AC0-9BB7-81A633B8AE3B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{1F881A52-BA4C-4E0D-8C0A-1F071B13B905}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{21FA244D-DEA3-463B-B16B-6908AEE4F69C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{239AC826-8AE2-4608-9100-A18A797E1625}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{273E3D96-D853-4A6C-AEEB-E09F4BE2F8B5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{2FC82488-EB8F-43A9-B625-C15B73F39F7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{37E430F4-5480-440F-B2D7-D711B3DDB7C7}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
    "{390E5DF6-A28E-4DC5-974B-53F061853FE6}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
    "{39718945-F0DA-4F5A-BD0A-2DB2B1FB5E31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3A606857-A557-4C46-B9F0-6124D2D99A73}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{4516BDE4-9613-4A5E-A87B-5CE0E7FF740E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{4B8CE37C-2507-4A5A-BBDC-FFFAE4423AC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5A36650E-F694-49DE-BF33-087DB1290E73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{77DBCF85-A650-4E00-B351-7AF364693CE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{83FE850E-2DB7-4128-8395-B13C08791566}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{89998BE3-CD38-463F-A2CD-9675E1A3C0E8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{9AC493E6-E100-46B3-8844-79B2B4C4537B}" = protocol=6 | dir=out | app=system |
    "{9CE99D9B-E384-4A2A-9AC0-406865357B24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A380C858-FC27-4888-83E1-9E8905E8A698}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AA883BEC-6207-4813-A74C-D50DACA106EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AE02C1ED-1854-4794-BC27-A24F1A8368BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{AE87CBDF-C7A6-4D36-89B5-E9764299ED33}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
    "{B432BE9B-F1ED-472C-B9ED-EF4D73CB85F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BC52F0C5-BE71-4908-AD0B-0019FE539A1C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{D8F9D8FE-4E3D-4504-AD11-F952FD7B30E8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1231115655\ee\aolsoftware.exe |
    "{DD8140EA-6FDB-4708-B073-48AF105AE509}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{DEB3B2B8-19CE-4D18-9960-914A1E2018BE}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
    "{E2FEACAE-B8CF-40C5-BA81-6DAD2611A47B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E4E74711-AF2C-436D-B705-E6B341312173}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ED1E343D-67E7-4546-862E-EABB5B94B570}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
    "{EE93936E-BF15-47CC-A6D4-DD2610D28E80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F80701EF-A584-4F6C-B435-7987707D0C1C}" = protocol=6 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
    "{FC1EF4CA-3007-4821-8A01-51551717E0F2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{FF319651-1113-41ED-8BDD-C4A71FDC5051}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{073C0C47-662A-4AEF-83A8-C599017612D6}" = HP Officejet Pro 8600 Product Improvement Study
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{10173615-D9A7-4C50-A036-38CA89221708}" = HP Officejet Pro 8600 Help
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
    "{271EBBA7-6162-48C4-9A56-42825C63CC8F}" = Cabela's Big Game Hunter 2005 Adventures
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9276EFE6-10FC-4B54-A68A-D5332B9A0ABA}" = HP Officejet Pro 8600 Basic Device Software
    "{934F5F1F-79EE-48C7-9CAE-7A70586A0D7F}" = Adobe Setup
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AD14F66C-EEC8-40EA-B5D7-421F524FC333}" = Adobe Creative Suite 3 Design Standard
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C5BD220A-EFE8-48A5-B70E-9503D535******" = Adobe WAS CS3
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_cc3de31c9bb4dd729259509c74a7512" = Add or Remove Adobe Creative Suite 3 Design Standard
    "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
    "AOL Toolbar" = AOL Toolbar
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
    "avast" = avast! Free Antivirus
    "Canon CanoScan LiDE 100 User Registration" = Canon CanoScan LiDE 100 User Registration
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Deluxe MM Bible" = Deluxe MM Bible
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Pen Tablet Driver" = Bamboo
    "Picasa2" = Picasa 2
    "ProInst" = Intel PROSet Wireless
    "RealPlayer 6.0" = RealPlayer Basic
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
    Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

    Error - 1/15/2012 1:12:23 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 9:08:39 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 9:56:55 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 10:00:29 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 10:03:05 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 10:29:15 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 10:42:36 AM | Computer Name = Odie-Laptop | Source = EventSystem | ID = 4609
    Description =

    Error - 1/15/2012 10:43:31 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 1/15/2012 1:24:46 PM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 1/27/2012 11:25:40 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/27/2012 11:25:40 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
    Description =


    < End of report >
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Not to worry about Recycle bin message. I can clear the Java cache. And if there are display problems, missing icons, desktop, programs, etc. or if Startup is missing again, don't fret. Most of this is put out by the malware, and the cosmetic problems can be fixed. We just have to go step by step.
    Half of the main job of this malware is to convince you that everything has gone bad and that you need to allow their program to fix the problem. The other half is to 'hide' or change files.
    ============================
    Okay, I have some questions:

    1. OTL directions gave 3 links and the Note: You just need one. Sometimes the file extension gets blocked. All 3 versions are on the system. Did you have to download all three to get one to run?

    2. You have Directories set up on the C Drive and the executable as follows:
    | --SD | C] -- C:\Aron24187A
    | --SD | C] -- C:\Aron7362A
    | --SD | C] -- C:\Aron
    C:\Users\Odie\Desktop\Aron.exe

    Do you know what this is?

    3. You have several outdated programs on the system. They are all vulnerabilities and you will get malware:
    ------------------------
    Be sure to check all download screens for any pre-checked toolbars or BHOs. If found, remove the check before the download.

    Please update Java: Java Updates. Uninstall Java v6u24, v6u25 and v6u26 in Add/Remove Programs.

    Please update the Adobe Reader: Adobe Reader Update. Uninstall Adobe Reader v8.5 in Add/Remove Programs.

    4. Please search your system for this: C:\QooBox\ComboFix-quarantined-files.txt
    OTL indicates there is a Qoobox from Combofix. If you find it, please paste in next reply.

    5. There is an error as follows:
    Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
    Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

    And following that: There are several errors for both System and Apps with the descriptions missing:
    Error - 1/15/2012 1:24:46 PM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
    Description = ??????

    It appears that the Activation on your OS failed: Please run the following:
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
  16. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Well...

    1. I have been transferring all the downloads to the infected PC via jump drive, so I grabbed all the OTL files at once and pulled them over together. The first OTL that I clicked ran without a glitch.

    2. During my many attempts to get ComboFix to run, I began naming it "Aron.exe".

    3. Uninstalled older versions of Java and Acrobat... installed current versions of both.

    4. I can't find the .txt file that you listed. There is a .txt file under C:\QooBox\Quarantine\catchme.log ... which I'm pretty sure isn't what you want... it is just four dates and times.

    5. MGA tool ran successfully... log below


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-*****-*****-*****
    Windows Product Key Hash: *****************/********=
    Windows Product ID: 89578-OEM-7332157-00237
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {F945F678-77DA-46B3-87E3-B0DC5148DFE3}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.111025-0338
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{F945F678-77DA-46B3-87E3-B0DC5148DFE3}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1235594767-156515733-2245494932</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.50</Version><SMBIOSVersion major="2" minor="4"/><Date>20080821000000.000000+000</Date></BIOS><HWID>2E313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_SLP channel
    Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89578-00146-321-500237-02-1033-6001.0000-3582008
    Installation ID: 017542751752733564748644738700877862718922749714282721
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL:
    Partial Product Key:
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: PAAAAAEABAABAAIAAQABAAAABQABAAEAeqiKbCpJ3p0uqdRUMAYGlvTROgzy9PIuKDC2GIJsrFZMASqF

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC TOSINV TOSINV00
    FACP TOSINV TOSINV00
    HPET TOSINV TOSINV00
    BOOT TOSINV TOSINV00
    MCFG TOSINV TOSINV00
    ASF! TOSINV TOSINV00
    SLIC TOSINV TOSINV00
    SSDT PmRef CpuPm
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sounds like you got a lot done!

    About this: 2. During my many attempts to get ComboFix to run, I began naming it "Aron.exe". So all of the Directories are for Combofix?

    Keep in mind that when you give the uninstall Command for Combofix, it's not going to look for Aron or Friday or any variation of them. I'm going to try to remove them all through OTL, but please make sure all of the 'renamed' Combofix directories are gone. If any remain, go to Local drive and do a Right click> Delete. Check Add/Remove Programs for the original Combofix download- if it's there, please uninstall from there.
    ========================================
    Please go ahead and run the following. There is a lot of text so be sure you copy/paste all.
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      [2011/05/06 19:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      [2011/05/06 19:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
      [2011/09/24 16:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-
      O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
      O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O15 - HKCU\..Trusted Domains: myspace.com ([home] http in Trusted sites)
      O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
      O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
      [2012/01/24 21:55:19 | 000,000,000 | --SD | C] -- C:\Aron24187A
      [2012/01/22 21:48:35 | 000,000,000 | --SD | C] -- C:\Aron7362A
      [2012/01/22 19:22:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
      [2012/01/22 19:22:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
      [2012/01/22 19:22:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
      [2012/01/22 19:22:50 | 000,000,000 | --SD | C] -- C:\Aron
      [2012/01/22 19:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2012/01/22 19:19:17 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
      [2012/01/22 18:37:41 | 000,000,000 | --SD | C] -- C:\Friday21376F
      [2012/01/22 15:01:18 | 000,000,000 | --SD | C] -- C:\Friday
      [2012/01/15 08:31:24 | 000,000,640 | ---- | M] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2012/01/15 07:13:25 | 000,000,464 | ---- | M] () -- C:\ProgramData\evfA91U0AmKF44
      [2012/01/15 07:11:38 | 000,000,280 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44
      [2012/01/14 23:44:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44r
      [2012/01/14 23:44:21 | 000,000,616 | ---- | M] () -- C:\Users\Odie\Desktop\System Check.lnk
      [2012/01/21 14:03:46 | 000,302,592 | ---- | C] () -- C:\Users\Odie\Desktop\ycow72iq.exe
      [C:\Windows\$NtUninstallKB2440$] -> -> Unknown point type
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =====================================================
  18. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    So after running OTL with the custom fix that I copied from your post... I saw that the directories were still there. So I right-clicked and hit delete, and that is when it said that it was trying to recycle my C drive. I cancelled and that's when I saw the recycle bin is corrupt message again... it hadn't been coming up while I was doing anything else.

    Also, the first txt log that was produced by OTL after your custom fix said over and over "unable to interpret:error" but there were a lot of other things in there as well. Should I retry and post that log as well?



    Here is the Log that was produced after the reboot and quickscan.



    OTL logfile created on: 2/4/2012 4:38:40 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Odie\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.05% Memory free
    5.94 Gb Paging File | 5.00 Gb Available in Paging File | 84.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 231.42 Gb Total Space | 151.76 Gb Free Space | 65.58% Space Free | Partition Type: NTFS
    Drive D: | 2.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 1.91 Gb Total Space | 1.89 Gb Free Space | 98.66% Space Free | Partition Type: FAT

    Computer Name: ODIE-LAPTOP | User Name: Odie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Odie\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
    PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
    PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
    PRC - C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
    PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
    PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
    PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll ()
    MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
    MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
    MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
    MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
    MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
    MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
    SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
    SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (easytether) -- C:\Windows\System32\drivers\easytthr.sys (Mobile Stream)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/21 22:08:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 07:07:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/03/26 15:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Odie\AppData\Roaming\Mozilla\Extensions
    [2012/02/01 01:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/06 19:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/05/06 19:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2012/02/01 01:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2012/01/21 22:08:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/05/02 06:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
    O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
    O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: myspace.com ([home] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACDFDF8-2820-462C-91D7-FEA3C4FE6F98}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF760607-1879-4406-AC47-128752A558DA}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/04 16:28:54 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/01 02:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2012/02/01 01:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/01/31 20:59:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
    [2012/01/31 20:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2012/01/27 22:21:52 | 000,000,000 | --SD | C] -- C:\Aron2396A
    [2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
    [2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
    [2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
    [2012/01/24 21:55:19 | 000,000,000 | --SD | C] -- C:\Aron24187A
    [2012/01/22 21:48:35 | 000,000,000 | --SD | C] -- C:\Aron7362A
    [2012/01/22 19:22:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/22 19:22:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/22 19:22:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/22 19:22:50 | 000,000,000 | --SD | C] -- C:\Aron
    [2012/01/22 19:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/22 19:19:17 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
    [2012/01/22 18:37:41 | 000,000,000 | --SD | C] -- C:\Friday21376F
    [2012/01/22 15:01:18 | 000,000,000 | --SD | C] -- C:\Friday
    [2012/01/21 22:23:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/21 22:09:41 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/01/21 22:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/01/21 22:09:40 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/01/21 22:09:39 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/01/21 22:09:39 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/01/21 22:09:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/01/21 22:09:37 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/01/21 22:08:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/01/21 22:08:47 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/21 21:37:21 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
    [2012/01/21 14:23:45 | 000,000,000 | R--D | C] -- C:\Users\Odie\Videos
    [2012/01/21 14:23:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
    [2012/01/21 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Malwarebytes
    [2012/01/21 12:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/21 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/21 12:17:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/21 12:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/21 12:16:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/14 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/14 23:39:01 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\MicrosoftNT
    [2012/01/14 21:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2012/01/14 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2012/01/14 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\Microsoft Help
    [2012/01/14 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/01/14 21:06:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/04 16:39:22 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/04 16:39:22 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/04 16:32:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 16:32:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 16:32:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/04 16:32:10 | 3082,813,440 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/04 16:17:35 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2012/02/01 02:26:10 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/01/31 20:11:35 | 001,749,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/01/27 21:10:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
    [2012/01/27 21:09:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
    [2012/01/27 21:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
    [2012/01/27 20:59:33 | 376,581,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/24 20:07:52 | 002,039,456 | ---- | M] () -- C:\Users\Odie\Desktop\tdsskiller.zip
    [2012/01/24 20:07:24 | 000,684,297 | ---- | M] () -- C:\Users\Odie\Desktop\unhide.exe
    [2012/01/22 19:19:16 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
    [2012/01/22 13:57:00 | 000,294,400 | ---- | M] () -- C:\Users\Odie\Desktop\exeHelper.com
    [2012/01/22 13:53:40 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.exe
    [2012/01/22 13:51:28 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.scr
    [2012/01/22 13:50:14 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.com
    [2012/01/21 22:09:41 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/21 22:09:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/01/21 22:06:34 | 064,207,032 | ---- | M] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
    [2012/01/21 21:38:10 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
    [2012/01/21 14:21:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
    [2012/01/21 13:03:16 | 000,302,592 | ---- | M] () -- C:\Users\Odie\Desktop\ycow72iq.exe
    [2012/01/21 12:17:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/21 12:06:06 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/15 08:44:35 | 000,001,356 | ---- | M] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
    [2012/01/15 08:31:24 | 000,000,640 | ---- | M] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/15 07:13:25 | 000,000,464 | ---- | M] () -- C:\ProgramData\evfA91U0AmKF44
    [2012/01/15 07:11:38 | 000,000,280 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44
    [2012/01/14 23:44:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44r
    [2012/01/14 23:44:21 | 000,000,616 | ---- | M] () -- C:\Users\Odie\Desktop\System Check.lnk
    [2012/01/14 23:14:57 | 000,001,765 | ---- | M] () -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/04 16:17:35 | 000,000,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2012/02/04 16:17:35 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2012/02/01 02:26:10 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/02/01 02:26:10 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/01/27 21:10:04 | 3082,813,440 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/24 20:09:27 | 000,684,297 | ---- | C] () -- C:\Users\Odie\Desktop\unhide.exe
    [2012/01/24 20:09:21 | 002,039,456 | ---- | C] () -- C:\Users\Odie\Desktop\tdsskiller.zip
    [2012/01/22 19:22:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/22 19:22:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/22 19:22:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/22 19:22:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/22 19:22:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/22 13:56:57 | 000,294,400 | ---- | C] () -- C:\Users\Odie\Desktop\exeHelper.com
    [2012/01/22 13:53:21 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.exe
    [2012/01/22 13:51:05 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.scr
    [2012/01/22 13:49:48 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.com
    [2012/01/21 22:09:41 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/21 22:03:43 | 064,207,032 | ---- | C] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
    [2012/01/21 14:03:46 | 000,302,592 | ---- | C] () -- C:\Users\Odie\Desktop\ycow72iq.exe
    [2012/01/21 12:17:48 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/15 08:31:24 | 000,000,640 | ---- | C] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/14 23:44:25 | 000,000,176 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44r
    [2012/01/14 23:44:24 | 000,000,280 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44
    [2012/01/14 23:44:21 | 000,000,616 | ---- | C] () -- C:\Users\Odie\Desktop\System Check.lnk
    [2012/01/14 23:44:19 | 000,000,464 | ---- | C] () -- C:\ProgramData\evfA91U0AmKF44
    [2011/12/31 23:03:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/04/24 19:30:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/04/24 19:30:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/24 19:29:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/10/08 21:40:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2009/12/27 18:36:49 | 000,001,356 | ---- | C] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
    [2009/03/27 19:58:04 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2009/01/01 22:01:21 | 000,000,026 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/01/01 22:01:19 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
    [2009/01/01 21:25:20 | 000,000,866 | ---- | C] () -- C:\Windows\aolback.exe.lnk
    [2008/12/31 22:03:11 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/12/27 12:54:46 | 000,000,082 | ---- | C] () -- C:\Windows\cosmimmbible.ini
    [2008/12/23 18:15:46 | 000,011,264 | ---- | C] () -- C:\Users\Odie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/23 17:31:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/12/23 17:31:30 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/10/24 15:55:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2008/10/24 15:55:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2008/10/24 15:55:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2008/10/24 15:55:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
    [2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
    [2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2008/08/14 13:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/08/14 13:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/08/14 13:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/08/14 13:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/08/14 13:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/08/14 13:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
    [2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 001,749,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2010/01/01 11:37:39 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\Canon
    [2009/01/06 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\OpenOffice.org
    [2009/03/29 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\TOSHIBA
    [2008/12/25 10:39:05 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WildTangent
    [2011/04/24 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WinBatch
    [2011/11/24 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WTouch
    [2012/02/04 16:31:01 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  19. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    Bobbye? You out there?
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Yes, I'm here. I was offline Wednesday and Thursday- I thought I had sent a message to all my members with an open thread. Now I'm trying to catch up.

    Please clarify this for me> you did not or could not run the OTL Fix I set up?
    And you deleted some files on your own?
  21. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    I did run the OTL Fix... but I believe that I did something wrong... I copied and pasted all the text that you posted... but the log that showed up gave me the impression that it was unsuccessful.

    And I tried to delete the Combofix directories but that is when it said that it was sending my C drive to the recycle bin. So I didn't actually delete anything.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, try using the Combofix uninstall first:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Use Windows Explorer to access Computer> Local Drive (C)> Programs. Find the Combofix folder and right click> Delete. Do the right click> Delete on any other entries you see for Combofix.

    There is no reason that doing this will remove the Local Drive. Remember- you have a rogue program that is giving you false Alerts and 'critical system' messages. We have to remove these bad entries.
    =========================================
    Please help me clarify some issues:
    1. You are running the following for NetZero
    C:\Program Files\NetZero\exec.exe >> this is listed twice
    C:\Program Files\NetZero\exec.exe
    uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
    IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
    IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"

    Trusted Zone: netzero.com
    Trusted Zone: netzero.net

    Search term NetZero.com brings up http://www.netzero.net/
    Search term NetZero.net brings up http://www.netzero.net/

    2. The system is configured to use the Google Public DNS IP addresses. The Google Public DNS IP addresses (IPv4) are as follows: 8.8.8.8; 8.8.4.4. The Google Public DNS IPv6 addresses are as ..When you use Google Public DNS, you are changing your DNS "switchboard" operator from your ISP to Google Public DNS.

    3. There are also processes for the following:
    NETw5v32.sys Intel® Wireless WiFi Link Driver.
    PdaNet Broadband Adapter Drive
    Mobile stream EasyTether shares your Android smartphone connection with your PC
    Wacom interactive pen

    So I'm wondering just how and what you are connecting?
    ======================================
    4. The Install Date is 10/24/2008, but there are no system restore points, no SP for Vista updates, no security updates.

    Let's check the system:
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.

    Please post results and answers in next reply.
  23. MagestiQ

    MagestiQ Newcomer, in training Topic Starter

    I ran the Combofix /unistall, and it couldn't find any Combofix files to run, so I deleted the "Aron" directory. I didn't see any directories for Combofix either.

    The laptop belongs to my dad and he uses AOL and Mobile Stream Easy Tether to connect to the internet (mostly easy tether). I thought he had uninstalled PDANet.

    I have a wireless router and that is how I am trying to connect to the internet currently. It is not successfully connecting to my router. (it has before... several times)

    Netzero came on the laptop and he thought that he might want to give it a try sometime, he never did.

    And the Wacom Interactive Pen is used with Photoshop.

    I didn't configure the DNS to use the Google public DNS, unless Easy Tether did that when we installed it.

    I ran the MGA Tool and it completed but it won't let me copy the results. It states that it "failed to create output files, hr=0x00706b5. Please Contact Support". It did say that the validation status was Genuine.

    I don't know if you are looking for something new, but I did run the MGA Tool before and successfully posted that Log previously, I don't think that we have made any significant changes since I posted that log.
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Everything I asked you about in my Reply #22 is based on entries I saw in the logs. It appears there may be a conflict about the connection:

    Easytether is used to connect. But "I have a wireless router and that is how I am trying to connect to the internet currently. It is not successfully connecting to my router. (it has before... several times)"
    There is a pre installed Toshiba process running that launches the Config. Free application which helps in finding and connecting to wireless networks.
    C:\Program Files\Toshiba\ConfigFree

    The system is configured to use the Google Public DNS IP addresses.
    Net Zero is running

    There are no System Restore points and no Windows Security updates although the Install Date for the OS is 10/24/2008.

    From OTL:
    Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
    Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7
    0x80072EE7 The server name or address could not be resolved.
    The Windows Activation was not successful>> see http://support.microsoft.com/kb/931276

    I did review the MGA DX report I had you run earlier. But I cannot identify the error of the current run: "failed to create output files, hr=0x00706b5"

    Both Combofix and OTL have been unsuccessful in that the Combofix log is missing and the OTL fix won't work.

    My best advice for you is to do a reformat and reinstall> get this system cleared of all the unused processes, get it correctly validated and updated. Review all the different processes all running to do the same thing> connect- and decide which should be used and which should be removed.

    I am sorry I can't be encouraging on this- the system hasn't been maintained over the years and isn't going to run properly until the conflicts are resolved.

