Inactive System Check on Vista

MagestiQ

I have a System check problem...


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Odie :: ODIE-LAPTOP [administrator]

Protection: Enabled

1/21/2012 12:20:23 PM
mbam-log-2012-01-21 (12-20-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186078
Time elapsed: 33 minute(s), 45 second(s)

Memory Processes Detected: 2
C:\ProgramData\iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> 4252 -> Delete on reboot.
C:\ProgramData\evfA91U0AmKF44.exe (Rogue.FakeAlert) -> 4748 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\iftoHJPGIwnKMJR.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7I7U7W7YYVZB6JYUPHDDJXIRUACPNMN (Trojan.SpyEyes) -> Data: C:\Ex.CleanI\8948CD57A1A.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Ex.CleanI (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Detected: 8
C:\ProgramData\iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\ProgramData\evfA91U0AmKF44.exe (Rogue.FakeAlert) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-1235594767-156515733-2245494932-1000\$R13N5TS.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1235594767-156515733-2245494932-1000\$RJXVQW0.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1235594767-156515733-2245494932-1000\$R30Z18R.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\Users\Odie\AppData\Local\MicrosoftNT\winserver.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\Users\Odie\Downloads\EpicPlaySetup.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Ex.CleanI\8948CD57A1A.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

(end)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-21 14:17:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: ycow72iq.exe; Driver: C:\Users\Odie\AppData\Local\Temp\pxdirpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\tdx \Device\Ip [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]
Device \Driver\tdx \Device\Tcp [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]
Device \Driver\tdx \Device\Udp [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]
Device \Driver\tdx \Device\RawIp [9062BE58] \SystemRoot\system32\DRIVERS\tdx.sys[.idata]

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS and Attach

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Odie at 14:23:45 on 2012-01-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1801 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN19Q1R22Q05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [HostManager] c:\program files\common files\aol\1231115655\ee\AOLSoftware.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: myspace.com\home
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3ACDFDF8-2820-462C-91D7-FEA3C4FE6F98} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{FF760607-1879-4406-AC47-128752A558DA} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\odie\appdata\roaming\mozilla\firefox\profiles\oxz58ce6.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-27 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-27 297752]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-21 652872]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-11-24 4497704]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2011-11-24 113448]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-3 17296]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-21 20464]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2011-11-24 13480]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-3-26 13312]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-24 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-3-9 11520]
.
=============== Created Last 30 ================
.
2012-01-21 18:18:31 -------- d-----w- c:\users\odie\appdata\roaming\Malwarebytes
2012-01-21 18:17:44 -------- d-----w- c:\programdata\Malwarebytes
2012-01-21 18:17:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 18:17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-15 17:58:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-15 17:58:40 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-15 17:58:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-15 17:58:18 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-15 17:58:16 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-15 17:58:15 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-15 17:58:14 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-15 17:58:14 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-15 17:58:14 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-15 17:32:49 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-01-15 17:32:48 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-15 05:39:01 -------- d--h--w- c:\users\odie\appdata\local\MicrosoftNT
2012-01-15 03:12:28 -------- d-----w- c:\windows\PCHEALTH
2012-01-15 03:08:07 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-01-15 03:07:16 -------- d--h--w- c:\users\odie\appdata\local\Microsoft Help
2012-01-11 23:44:53 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 23:44:53 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 23:44:53 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 23:44:52 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 23:44:52 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 23:44:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 01:37:45 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 01:37:45 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 01:37:44 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 01:37:42 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 01:37:42 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 01:37:40 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 01:37:40 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-01 05:07:47 -------- d--h--w- c:\users\odie\appdata\roaming\HpUpdate
2012-01-01 05:07:40 544616 ------w- c:\windows\system32\HPDiscoPM5912.dll
2012-01-01 05:03:37 -------- d-----w- c:\program files\HP
2012-01-01 05:02:57 -------- d--h--w- c:\users\odie\appdata\local\HP
.
==================== Find3M ====================
.
2012-01-15 05:42:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 14:24:43.51 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/24/2008 4:09:37 PM
System Uptime: 1/21/2012 1:57:28 PM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 800/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 150.305 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Design Standard
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Standard
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Amazon Links
AOL Coach Version 1.0(Build:20020823.1)
AOL Mail and AIM Gadget
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AVG Free 8.5
Bamboo
Bluetooth Stack for Windows by Toshiba
Cabela's Big Game Hunter 2005 Adventures
Camera Assistant Software for Toshiba
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
CyberLink PowerCinema for TOSHIBA
Definition update for Microsoft Office 2010 (KB982726)
Deluxe MM Bible
Download Updater (AOL LLC)
DVD MovieFactory for TOSHIBA
EasyTether
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Update
I.R.I.S. OCR
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 6
Java(TM) 6 Update 7
KhalInstallWrapper
Logitech SetPoint
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet
NetZero Internet Access Installer
OpenOffice.org 3.0
PDF Settings
Picasa 2
PMB
QuickBooks Financial Center
QuickTime
RealPlayer Basic
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
RTC Client API v1.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Synaptics Pointing Device Driver
TOSHIBA Application Disc Creator
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Viewpoint Media Player
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 2:01:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
1/21/2012 1:59:21 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 1753. The printer cannot be used by others on the network.
1/21/2012 1:59:20 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro 8600 (Network) with shared resource name HP Officejet Pro 8600 (Network). Error 1753. The printer cannot be used by others on the network.
1/21/2012 1:59:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/21/2012 1:59:07 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/21/2012 1:59:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/21/2012 1:58:44 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel ArcSoft-PhotoStudio-EventLog/Debug. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
1/21/2012 1:58:40 PM, Error: EventLog [6008] - The previous system shutdown at 1:48:23 PM on 1/21/2012 was unexpected.
1/21/2012 1:07:58 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro 8600 (Network) with shared resource name HP Officejet Pro 8600 (Network). Error 2114. The printer cannot be used by others on the network.
1/21/2012 1:07:58 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 2114. The printer cannot be used by others on the network.
1/15/2012 8:43:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 spldr Wanarpv6
1/15/2012 8:43:31 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/15/2012 8:42:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/15/2012 8:42:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/15/2012 8:42:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/15/2012 8:42:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/15/2012 8:42:30 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
1/15/2012 8:42:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/15/2012 8:42:05 AM, Error: EventLog [6008] - The previous system shutdown at 8:40:37 AM on 1/15/2012 was unexpected.
1/14/2012 9:24:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/14/2012 9:24:59 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/14/2012 9:17:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll be glad to help.

But I could do a better job of helping if I knew what was happening! There are several very active rogue malware programs. There are some similar symptoms, some different and the fix for each is different.

IF you have System Check malware, you might be experiencing some or all of the following:
  • The 'alerts' tell you the problems have led to corrupt and missing data.
  • It will display false error messages and security warnings.
  • It "hides" Icons, desktop, programs and files so that they appear to be missing and some programs can't be run.
  • The malware is configured to automatically start when you logon to Windows.
  • It can also be started if you click on any of these alerts.
Note: You may not experience all of the above, but it is important to tell me what problems you do have.
========================================
Warning about Trojan.SpyEye
There were several entries infected with this malware.
Banks are facing more trouble from SpyEye, a piece of malicious software that steals money from people's online bank accounts... it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.

In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodaei, Trusteer's CEO.

I notice you have QuickBooks on the system. Most likely you do some online banking with it. I strongly advise you to carefully monitor any financial transactions that you have online. Although the entries may have been removed, there is no way to confirm that the system hasn't been compromised. You should change all of your passwords, but understand that if the information has already been accessed, this won't be of much help.
-------------------------------
1. You have no System Restore points.
2. You have several outdated versions of programs on the system that are all vulnerabilities:
Adobe Reader 8.1.2
Java(TM) 6 Update 26
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Mozilla Firefox 4.0 (x86 en-US)
You should verify that AVG Free 8.5 is still being supported.
3. The Install Date is 10/24/2008. Although SP2 is on the system, there are no Windows Security updates.
4. Several infected entries that were removed are still in the Recycle Bin. Please empty it.
========================================
I'm going to have you run Combofix. It will help to define the most prevalent rogue. Please understand that although entries can be removed, deleted or quarantined, I cannot assure you that the system has not already been compromised.
-----------------------------
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job; this is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===================================
After I review the Combofix log, I will know better whether to try and continue or to recommend that you do a reformat and reinstall instead.
 
Yes... I am seeing the error messages and my desktop is vacant, as well as my start bar and menu. I have had some issues with new tabs opening on their own. Once I ran Malwarebytes... AVG reported that I had a virus known as JS/Redir.

I am currently running through the steps you requested and will post logs as soon as they are finished.
 
Well it has been scanning for more than 30 min... should I just kill it and try running from safe mode?
 
Well I guess it is a no go for a Combofix scan tonight.... I did try to run it in safe mode and it still hangs up at the scanning process. I'm shutting it down for tonight... I'll be back tomorrow.
 
Please use the Edit function when you want to add a few words. I get an email for every post you make.

NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.
-------------------------------------
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 3 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Rkill instructions
Once you've gotten one of them to run
  • immediately double click on friday.exe to run
  • If normal mode still doesn't work, run BOTH tools from safe mode.

If you have done #2, please post BOTH logs, rKill and Combofix.
======================================
If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
============================================
See below. Do this if needed: Press Windows+R key> type cmd> OK

1. If your task manager is disabled, copy and run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
Press Enter

2. If your desktop is blank and you are unable to right-click on it, run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
Press Enter
==============================
Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
--------------------------
The following can be run first to allow you to 'see' the programs, files, etc. But it is important that you understand that this does not remove the malware, only the attribute to hide these features. So it is important that you continue with the cleaning:
1. Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
================================
2. Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
=======================================
3. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================
4. This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    Save log and post in next reply.
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
====================================
5. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When scan has finished, you will see this image:
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
7. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
====================================
You can now reboot back into Normal Mode.

Please leave all logs in next reply.
 
Well I have spent all afternoon and night trying to get combofix to scan...I have tried everything that you said.... I was unclear whether to run rkill both before exehelper and again before combofix (or just run it once).... so I tried it both ways. I also tried uninstalling combofix and downloading a fresh one with a new name. no go. There were a few times that I tried to run combofix and right away it said that I needed administrator privileges to access these commands... but then it went straight on into trying to scan (which is where it stalls everytime without fail).

New information.....

When I run rkill I get some pop ups... one that says that my recycle bin is corrupt: would I like to empty it... and the other is a window that tells me what Safe mode is, like a windows help screen. I have had the one about the recycle bin pop up when I first start up in normal mode and again when I run rkill.

Also, neither Firefox nor Internet Explorer will pull up a web page... I checked and the option for no proxy is marked.

I don't know what is running that might be interfering with combofix...(I'm referring to antivirus/malware) We uninstalled AVG and I turned off Avast and Malwarebytes. I checked the processes that were running and the ones that I recognized were not security programs (a little easier in Safe Mode where the options are fewer).

I don't know what I am doing wrong... aggravated and sleepy... I'll be back tomorrow evening, I hope that you have some magic up your sleeves.

Also, would TDSSrootkit cause some of the problems that I'm having? I didn't continue with your instructions because I understood them to be in a certain order... should I try them and then come back to Combofix?

Thanks again.
 
I don't know what is running that might be interfering with combofix.

Best bet is malware!
This is the order:
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.> if this won't work, go to #2
2. Delete Combofix file, download fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.
3. D/L and run RKill
Do not reboot
4. Then D/L, Save and run exeHelper
5. Now try running the Combofix named friday.exe
6. If Combofix still won't run, boot into Safe Mode> rerun RKill & exeHelper
7. Then try Combofix again, while still in Safe Mode.
If still no scan, stop. Go on to the 7 steps I left, beginning with Unhide.
 
Well I re-traced my steps... started over (once again... no scan with combofix). I continued on with your instructions... didn't get unhide to finish, and tdsskiller didn't find any threats. Malwarebytes found one threat. So I tried to run rkill, exehelper and combofix again with no success.

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19170
Odie :: ODIE-LAPTOP [administrator]

Protection: Disabled

1/24/2012 8:54:14 PM
mbam-log-2012-01-24 (20-54-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367971
Time elapsed: 52 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Odie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\434fb426-33eac773 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)




This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/24/2012 at 21:53:46.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/24/2012 at 21:53:54.




exeHelper by Raktor
Build 20100414
Run at 14:03:16 on 01/22/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 18:36:57 on 01/22/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 19:22:07 on 01/22/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:46:56 on 01/22/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 19:12:09 on 01/24/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:54:34 on 01/24/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
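
A triage parser for the Malwarebytes text log format shown in this thread, added here as an example and not part of the original posts. The sample log is constructed from lines of the two Malwarebytes logs posted in the thread; the function names and report categories are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two Malwarebytes logs in this thread,
# trimmed to a few entries per section with the header counts adjusted to match.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.60.0.1800
Database version: v2012.01.21.02

Memory Processes Detected: 2
C:\ProgramData\iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> 4252 -> Delete on reboot.
C:\ProgramData\evfA91U0AmKF44.exe (Rogue.FakeAlert) -> 4748 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\iftoHJPGIwnKMJR.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7I7U7W7YYVZB6JYUPHDDJXIRUACPNMN (Trojan.SpyEyes) -> Data: C:\Ex.CleanI\8948CD57A1A.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Files Detected: 3
C:\ProgramData\iftoHJPGIwnKMJR.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\ProgramData\evfA91U0AmKF44.exe (Rogue.FakeAlert) -> Delete on reboot.
C:\Users\Odie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\434fb426-33eac773 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy ".*" so the detection name is the LAST parenthesised group; paths may
# themselves contain parentheses.
OBJECT_RE = re.compile(r"^(?P<object>.*) \((?P<family>[^()]+)\)$")
RUN_KEY = "\\currentversion\\run|"
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


@dataclass
class Detection:
    section: str   # e.g. "Registry Values"
    obj: str       # file path, or registry key|value name
    family: str    # vendor detection name
    details: list  # middle fields: PID, "Data: ...", "Bad: ... Good: ..."
    action: str    # what the scanner reports it did


def parse_mbam_log(text):
    """Return (detections, declared_counts) from a Malwarebytes 1.x text log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            declared[section] = int(header["count"])
            continue
        fields = line.split(" -> ")
        if section is None or len(fields) < 2:
            continue  # banner lines, blanks, "(No malicious items detected)"
        m = OBJECT_RE.match(fields[0])
        if m:
            detections.append(Detection(section, m["object"], m["family"],
                                        fields[1:-1], fields[-1].rstrip(".")))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the lines present (truncated paste)."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if n != seen.get(s, 0)}


def triage(detections):
    """Group detections by what a responder has to follow up on."""
    report = {"autostart": [], "still_present": set(), "java_cache": []}
    for d in detections:
        low = d.obj.lower()
        if d.section == "Registry Values" and RUN_KEY in low:
            # The "Data:" field is the program the Run value launched at logon.
            target = next((f[6:] for f in d.details if f.startswith("Data: ")), None)
            report["autostart"].append((d.family, target))
        if d.action == "Delete on reboot":
            report["still_present"].add(d.obj)  # on disk until the next restart
        if d.section == "Files" and JAVA_CACHE in low:
            report["java_cache"].append((d.family, d.obj))
    report["still_present"] = sorted(report["still_present"])
    return report


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(dets, declared))
    for key, items in triage(dets).items():
        print(key, "->", items)
```
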
 
The process in Mbam is in the Java cache: This is usually because there is an outdated version of Java on the system:

Make sure the only version of Java is v6u30. If needed> Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.
----------------------------------------
To clear the Java Plug-in cache:

    [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
    [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
===================================
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Logs in next reply please: 2 from OTL.
==================================
FYI: A lot of users are diagnosing their problem as System Check. There are several rogue malware programs currently that have some of the same or similar symptoms. But the 'fixes' are different so it's important for you to tell me specifically what problems you're having.
 
Well as far as symptoms go... I had the same messages pop up telling me that I had all kinds of drive problems that I read from other posts. At the time that I first posted this thread I still had access to the internet on the infected computer. Not any more... the connection just keeps saying "Identifying" and it won't actually connect to the internet. I keep getting pop ups that say "The recycle bin is corrupt. Would you like to empty its contents?" This popup only shows itself... 1. when the computer boots up 2. when I run rkill and again when I run combofix. It changed my desktop and hid some of my menu items but I've since got them back... thanks to you.

Also, I uninstalled two of the older versions of Java... tried to update which of course didn't work. I also tried to clear out the cache... but I don't think that it worked.

Here is OTL


OTL logfile created on: 1/27/2012 9:35:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Odie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 60.86% Memory free
5.94 Gb Paging File | 4.92 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 155.33 Gb Free Space | 67.12% Space Free | Partition Type: NTFS
Drive D: | 2.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.91 Gb Total Space | 1.89 Gb Free Space | 98.77% Space Free | Partition Type: FAT

Computer Name: ODIE-LAPTOP | User Name: Odie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Odie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (easytether) -- C:\Windows\System32\drivers\easytthr.sys (Mobile Stream)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/21 22:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 07:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/26 15:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Odie\AppData\Roaming\Mozilla\Extensions
[2011/09/24 16:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/06 19:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/06 19:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/09/24 16:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/21 22:08:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/05/02 06:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: myspace.com ([home] http in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACDFDF8-2820-462C-91D7-FEA3C4FE6F98}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF760607-1879-4406-AC47-128752A558DA}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
[2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
[2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
[2012/01/24 21:55:19 | 000,000,000 | --SD | C] -- C:\Aron24187A
[2012/01/22 21:48:35 | 000,000,000 | --SD | C] -- C:\Aron7362A
[2012/01/22 19:22:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/22 19:22:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/22 19:22:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/22 19:22:50 | 000,000,000 | --SD | C] -- C:\Aron
[2012/01/22 19:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 19:19:17 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
[2012/01/22 18:37:41 | 000,000,000 | --SD | C] -- C:\Friday21376F
[2012/01/22 15:01:18 | 000,000,000 | --SD | C] -- C:\Friday
[2012/01/21 22:23:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 22:09:41 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/21 22:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/21 22:09:40 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/21 22:09:39 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/21 22:09:39 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/21 22:09:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/21 22:09:37 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/21 22:08:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/21 22:08:47 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/21 21:37:21 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
[2012/01/21 14:23:45 | 000,000,000 | R--D | C] -- C:\Users\Odie\Videos
[2012/01/21 14:23:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
[2012/01/21 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Malwarebytes
[2012/01/21 12:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/21 12:17:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/21 12:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 12:16:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/14 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/14 23:39:01 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\MicrosoftNT
[2012/01/14 21:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/14 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/01/14 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\Microsoft Help
[2012/01/14 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/14 21:06:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/31 23:07:47 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\HpUpdate
[2011/12/31 23:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/12/31 23:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/12/31 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/12/31 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\HP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 21:19:07 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/27 21:19:07 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 21:10:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 21:10:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 21:10:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 21:10:04 | 3082,813,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 21:10:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
[2012/01/27 21:09:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
[2012/01/27 21:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
[2012/01/27 21:00:26 | 001,749,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 20:59:33 | 376,581,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/24 20:07:52 | 002,039,456 | ---- | M] () -- C:\Users\Odie\Desktop\tdsskiller.zip
[2012/01/24 20:07:24 | 000,684,297 | ---- | M] () -- C:\Users\Odie\Desktop\unhide.exe
[2012/01/22 19:19:16 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
[2012/01/22 13:57:00 | 000,294,400 | ---- | M] () -- C:\Users\Odie\Desktop\exeHelper.com
[2012/01/22 13:53:40 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.exe
[2012/01/22 13:51:28 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.scr
[2012/01/22 13:50:14 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.com
[2012/01/21 22:09:41 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/21 22:09:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/21 22:06:34 | 064,207,032 | ---- | M] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
[2012/01/21 21:38:10 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
[2012/01/21 14:21:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
[2012/01/21 13:03:16 | 000,302,592 | ---- | M] () -- C:\Users\Odie\Desktop\ycow72iq.exe
[2012/01/21 12:17:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 12:06:06 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/15 08:44:35 | 000,001,356 | ---- | M] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
[2012/01/15 08:31:24 | 000,000,640 | ---- | M] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 07:13:25 | 000,000,464 | ---- | M] () -- C:\ProgramData\evfA91U0AmKF44
[2012/01/15 07:11:38 | 000,000,280 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44
[2012/01/14 23:44:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44r
[2012/01/14 23:44:21 | 000,000,616 | ---- | M] () -- C:\Users\Odie\Desktop\System Check.lnk
[2012/01/14 23:14:57 | 000,001,765 | ---- | M] () -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2012/01/03 08:19:34 | 000,002,601 | ---- | M] () -- C:\Users\Odie\Desktop\Big Game Hunter 2005 Adventures.lnk
[2011/12/31 23:03:31 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 21:10:04 | 3082,813,440 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 20:09:27 | 000,684,297 | ---- | C] () -- C:\Users\Odie\Desktop\unhide.exe
[2012/01/24 20:09:21 | 002,039,456 | ---- | C] () -- C:\Users\Odie\Desktop\tdsskiller.zip
[2012/01/22 19:22:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/22 19:22:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/22 19:22:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/22 19:22:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/22 19:22:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/22 13:56:57 | 000,294,400 | ---- | C] () -- C:\Users\Odie\Desktop\exeHelper.com
[2012/01/22 13:53:21 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.exe
[2012/01/22 13:51:05 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.scr
[2012/01/22 13:49:48 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.com
[2012/01/21 22:09:41 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/21 22:03:43 | 064,207,032 | ---- | C] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
[2012/01/21 14:03:46 | 000,302,592 | ---- | C] () -- C:\Users\Odie\Desktop\ycow72iq.exe
[2012/01/21 12:17:48 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/15 08:31:24 | 000,000,640 | ---- | C] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/14 23:44:25 | 000,000,176 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44r
[2012/01/14 23:44:24 | 000,000,280 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44
[2012/01/14 23:44:21 | 000,000,616 | ---- | C] () -- C:\Users\Odie\Desktop\System Check.lnk
[2012/01/14 23:44:19 | 000,000,464 | ---- | C] () -- C:\ProgramData\evfA91U0AmKF44
[2011/12/31 23:16:09 | 000,001,765 | ---- | C] () -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2011/12/31 23:08:10 | 000,000,767 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/12/31 23:03:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/04/24 19:30:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/24 19:30:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/24 19:29:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/08 21:40:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/12/27 18:36:49 | 000,001,356 | ---- | C] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
[2009/03/27 19:58:04 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/01/01 22:01:21 | 000,000,026 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/01 22:01:19 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/01/01 21:25:20 | 000,000,866 | ---- | C] () -- C:\Windows\aolback.exe.lnk
[2008/12/31 22:03:11 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/27 12:54:46 | 000,000,082 | ---- | C] () -- C:\Windows\cosmimmbible.ini
[2008/12/23 18:15:46 | 000,011,264 | ---- | C] () -- C:\Users\Odie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/23 17:31:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/12/23 17:31:30 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/10/24 15:55:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/10/24 15:55:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/10/24 15:55:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/10/24 15:55:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/08/14 13:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 13:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 13:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 13:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 13:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/14 13:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 001,749,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/01/01 11:37:39 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\Canon
[2009/01/06 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\OpenOffice.org
[2009/03/29 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\TOSHIBA
[2008/12/25 10:39:05 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WildTangent
[2011/04/24 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WinBatch
[2011/11/24 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WTouch
[2012/01/24 20:46:06 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB2440$] -> -> Unknown point type

< End of report >
 
Extras


OTL Extras logfile created on: 1/27/2012 9:35:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Odie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 60.86% Memory free
5.94 Gb Paging File | 4.92 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 155.33 Gb Free Space | 67.12% Space Free | Partition Type: NTFS
Drive D: | 2.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.91 Gb Total Space | 1.89 Gb Free Space | 98.77% Space Free | Partition Type: FAT

Computer Name: ODIE-LAPTOP | User Name: Odie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEC55B-5EAB-419A-81C4-B1F4F57EA02B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A1C106A-2A91-4CA1-BF69-81A1FABE7E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23A8C00C-4BC4-4670-9BD0-E4452AB1C7AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{240C0C7B-3BC6-4048-BD55-1AA084ADEFC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{243B0568-90D0-43E4-BBA8-02966630655C}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C77EAFF-3C45-4FA4-BDF8-6B2BDFD5530C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{316015BA-EF1A-4E01-853E-CF8F3023B496}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38AF72CA-E4AB-4D0C-92D9-B5D7D3DF032F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B855171-75C1-4709-A14C-7C0967405264}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EA811AA-E170-4D5E-99B7-603FC42816EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5848BE5A-EDC5-4350-B3AA-4101B5D008E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{6FEFB116-9DA6-41DA-A3D1-7B38CACCBF82}" = rport=445 | protocol=6 | dir=out | app=system |
"{7AC9E285-2C4C-4CB6-8E82-684D63596702}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D87805C-7335-4B96-86CF-D4E9EE5539AA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A198A307-E099-4D98-AAF1-9A1A4E2FED3E}" = lport=137 | protocol=17 | dir=in | app=system |
"{A63BE048-FDDA-44BF-B131-F752173D94A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA8E5642-C915-4FBA-8194-50DC13F001D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C305FB02-BC0A-4B00-9FF9-A5C2FA6689A0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C70A1B84-792C-4A37-87F2-01A3993D48E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{CAD3F985-4882-488D-B618-58326BE972EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD4EC810-7F64-4B85-B1C8-4506AFA9341D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D9DF645B-9C8F-45A6-8493-FA6DB626E86E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DADCE471-DD25-4060-BAC9-B5CED3F3BA6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DB416C69-11E8-4B1D-A225-1E256D7C6763}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EDC77788-0C4E-405E-A3D3-0C8488440817}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2D978B7-C1A5-4FC0-BB38-BC29DB3AD499}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2FA51FA-E82A-4FDB-8AAC-EB0D0994AF04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06968977-1F0D-424D-AF99-C26FE6E092DD}" = protocol=17 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
"{07FB08DD-C791-440C-9509-1CFED82F0514}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1231115655\ee\aolsoftware.exe |
"{09B4A36F-378B-4103-8749-232DA98F40B4}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{0D6D2E46-B900-470A-BAF1-B09DCC2CCCD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F0525D5-F6DA-4CE9-B939-96DA7379003F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FFD44DC-3BFE-4494-843B-316BBC3DA249}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{187984C9-5597-4B44-B390-F84BA80A5659}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19B80962-D2B7-4047-A5D1-352865D490EF}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{1ABA7C2E-7489-4AC0-9BB7-81A633B8AE3B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1F881A52-BA4C-4E0D-8C0A-1F071B13B905}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{21FA244D-DEA3-463B-B16B-6908AEE4F69C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{239AC826-8AE2-4608-9100-A18A797E1625}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{273E3D96-D853-4A6C-AEEB-E09F4BE2F8B5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{2FC82488-EB8F-43A9-B625-C15B73F39F7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37E430F4-5480-440F-B2D7-D711B3DDB7C7}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{390E5DF6-A28E-4DC5-974B-53F061853FE6}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{39718945-F0DA-4F5A-BD0A-2DB2B1FB5E31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A606857-A557-4C46-B9F0-6124D2D99A73}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4516BDE4-9613-4A5E-A87B-5CE0E7FF740E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4B8CE37C-2507-4A5A-BBDC-FFFAE4423AC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A36650E-F694-49DE-BF33-087DB1290E73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{77DBCF85-A650-4E00-B351-7AF364693CE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83FE850E-2DB7-4128-8395-B13C08791566}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{89998BE3-CD38-463F-A2CD-9675E1A3C0E8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{9AC493E6-E100-46B3-8844-79B2B4C4537B}" = protocol=6 | dir=out | app=system |
"{9CE99D9B-E384-4A2A-9AC0-406865357B24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A380C858-FC27-4888-83E1-9E8905E8A698}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AA883BEC-6207-4813-A74C-D50DACA106EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE02C1ED-1854-4794-BC27-A24F1A8368BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AE87CBDF-C7A6-4D36-89B5-E9764299ED33}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{B432BE9B-F1ED-472C-B9ED-EF4D73CB85F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC52F0C5-BE71-4908-AD0B-0019FE539A1C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{D8F9D8FE-4E3D-4504-AD11-F952FD7B30E8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1231115655\ee\aolsoftware.exe |
"{DD8140EA-6FDB-4708-B073-48AF105AE509}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{DEB3B2B8-19CE-4D18-9960-914A1E2018BE}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{E2FEACAE-B8CF-40C5-BA81-6DAD2611A47B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4E74711-AF2C-436D-B705-E6B341312173}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED1E343D-67E7-4546-862E-EABB5B94B570}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{EE93936E-BF15-47CC-A6D4-DD2610D28E80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F80701EF-A584-4F6C-B435-7987707D0C1C}" = protocol=6 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
"{FC1EF4CA-3007-4821-8A01-51551717E0F2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{FF319651-1113-41ED-8BDD-C4A71FDC5051}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{073C0C47-662A-4AEF-83A8-C599017612D6}" = HP Officejet Pro 8600 Product Improvement Study
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{10173615-D9A7-4C50-A036-38CA89221708}" = HP Officejet Pro 8600 Help
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{271EBBA7-6162-48C4-9A56-42825C63CC8F}" = Cabela's Big Game Hunter 2005 Adventures
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9276EFE6-10FC-4B54-A68A-D5332B9A0ABA}" = HP Officejet Pro 8600 Basic Device Software
"{934F5F1F-79EE-48C7-9CAE-7A70586A0D7F}" = Adobe Setup
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD14F66C-EEC8-40EA-B5D7-421F524FC333}" = Adobe Creative Suite 3 Design Standard
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C5BD220A-EFE8-48A5-B70E-9503D535******" = Adobe WAS CS3
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_cc3de31c9bb4dd729259509c74a7512" = Add or Remove Adobe Creative Suite 3 Design Standard
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"avast" = avast! Free Antivirus
"Canon CanoScan LiDE 100 User Registration" = Canon CanoScan LiDE 100 User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Deluxe MM Bible" = Deluxe MM Bible
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pen Tablet Driver" = Bamboo
"Picasa2" = Picasa 2
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer Basic
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error - 1/15/2012 1:12:23 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 9:08:39 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 9:56:55 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 10:00:29 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 10:03:05 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 10:29:15 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 10:42:36 AM | Computer Name = Odie-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 1/15/2012 10:43:31 AM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 1:24:46 PM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/27/2012 11:23:27 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/27/2012 11:25:40 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2012 11:25:40 PM | Computer Name = Odie-Laptop | Source = Service Control Manager | ID = 7001
Description =


< End of report >
 
Not to worry about Recycle bin message. I can clear the Java cache. And if there are display problems, missing icons, desktop, programs, etc., or if Startup is missing again, don't fret. Most of this is put out by the malware, and the cosmetic problems can be fixed. We just have to go step by step.
Half of the main job of this malware is to convince you that everything has gone bad and that you need to allow their program to fix the problem. The other half is to 'hide' or change files.
============================
Okay, I have some questions:

1. OTL directions gave 3 links and the Note: You just need one. Sometimes the file extension gets blocked. All 3 versions are on the system. Did you have to download all three to get one to run?

2. You have Directories set up on the C Drive and the executable as follows:
| --SD | C] -- C:\Aron24187A
| --SD | C] -- C:\Aron7362A
| --SD | C] -- C:\Aron
C:\Users\Odie\Desktop\Aron.exe

Do you know what this is?

3. You have several outdated programs on the system. They are all vulnerabilities and you will get malware:
------------------------
Be sure to check all download screens for any pre-checked toolbars or BHO. If found, remove the check before the download.

Please update Java: Java Updates. Uninstall Java v6u24, v6u25 and v6u26 in Add/Remove Programs.

Please update the Adobe Reader: Adobe Reader Update. Uninstall Adobe Reader v8.5 in Add/Remove Programs.

4. Please search your system for this: C:\QooBox\ComboFix-quarantined-files.txt
OTL indicates there is a Qoobox from Combofix. If you find it, please paste in next reply.

5. There is an error as follows:
Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

And following that: There are several errors for both System and Apps with the descriptions missing:
Error - 1/15/2012 1:24:46 PM | Computer Name = Odie-Laptop | Source = WinMgmt | ID = 10
Description = ??????

It appears that the Activation on your OS failed: Please run the following:
Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy.
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 
Well...

1. I have been transferring all the downloads to the infected PC via jump drive, so I grabbed all the OTL files at once and pulled them over together. The first OTL that I clicked ran without a glitch.

2. During my many attempts to get ComboFix to run, I began naming it "Aron.exe".

3. Uninstalled older versions of Java and Acrobat... installed current versions of both.

4. I can't find the .txt file that you listed. There is a .txt file under C:\QooBox\Quarantine\catchme.log ... which I'm pretty sure isn't what you want... it is just four dates and times.

5. MGA tool ran successfully... log below


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: *****************/********=
Windows Product ID: 89578-OEM-7332157-00237
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {F945F678-77DA-46B3-87E3-B0DC5148DFE3}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.111025-0338
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F945F678-77DA-46B3-87E3-B0DC5148DFE3}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-1235594767-156515733-2245494932</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.50</Version><SMBIOSVersion major="2" minor="4"/><Date>20080821000000.000000+000</Date></BIOS><HWID>2E313507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500237-02-1033-6001.0000-3582008
Installation ID: 017542751752733564748644738700877862718922749714282721
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL:
Partial Product Key:
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABAABAAIAAQABAAAABQABAAEAeqiKbCpJ3p0uqdRUMAYGlvTROgzy9PIuKDC2GIJsrFZMASqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSINV TOSINV00
FACP TOSINV TOSINV00
HPET TOSINV TOSINV00
BOOT TOSINV TOSINV00
MCFG TOSINV TOSINV00
ASF! TOSINV TOSINV00
SLIC TOSINV TOSINV00
SSDT PmRef CpuPm
 
Sounds like you got a lot done!

About this: 2. During my many attempts to get ComboFix to run, I began naming it "Aron.exe". So all of the Directories are for Combofix?

Keep in mind that when you give the uninstall Command for Combofix, it's not going to look for Aron or Friday or any variation of them. I'm going to try to remove them all through OTL, but please make sure all of the 'renamed' Combofix directories are gone. If any remain, go to Local drive and do a Right click> Delete. Check Add/Remove Programs for the original Combofix download- if it's there, please uninstall from there.
========================================
Please go ahead and run the following. There is a lot of text so be sure you copy/paste all.
OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
    Code:
    :OTL
    [2011/05/06 19:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/05/06 19:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/09/24 16:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: myspace.com ([home] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
    O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    [2012/01/24 21:55:19 | 000,000,000 | --SD | C] -- C:\Aron24187A
    [2012/01/22 21:48:35 | 000,000,000 | --SD | C] -- C:\Aron7362A
    [2012/01/22 19:22:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/22 19:22:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/22 19:22:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/22 19:22:50 | 000,000,000 | --SD | C] -- C:\Aron
    [2012/01/22 19:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/22 19:19:17 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
    [2012/01/22 18:37:41 | 000,000,000 | --SD | C] -- C:\Friday21376F
    [2012/01/22 15:01:18 | 000,000,000 | --SD | C] -- C:\Friday
    [2012/01/15 08:31:24 | 000,000,640 | ---- | M] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/15 07:13:25 | 000,000,464 | ---- | M] () -- C:\ProgramData\evfA91U0AmKF44
    [2012/01/15 07:11:38 | 000,000,280 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44
    [2012/01/14 23:44:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44r
    [2012/01/14 23:44:21 | 000,000,616 | ---- | M] () -- C:\Users\Odie\Desktop\System Check.lnk
    [2012/01/21 14:03:46 | 000,302,592 | ---- | C] () -- C:\Users\Odie\Desktop\ycow72iq.exe
    [C:\Windows\$NtUninstallKB2440$] -> -> Unknown point type
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    helpfile [open] -- Reg Error: Key error.
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
=====================================================
 
So after running OTL with the custom fix that I copied from your post... I saw that the directories were still there. So I right-clicked and hit delete, and that is when it said that it was trying to recycle my C drive. I cancelled and that's when I saw the recycle bin is corrupt message again... it hadn't been coming up while I was doing anything else.

Also, the first txt log that was produced by OTL after your custom fix said over and over "unable to interpret:error" but there were a lot of other things in there as well. Should I retry and post that log as well?



Here is the Log that was produced after the reboot and quickscan.



OTL logfile created on: 2/4/2012 4:38:40 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Odie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.05% Memory free
5.94 Gb Paging File | 5.00 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 151.76 Gb Free Space | 65.58% Space Free | Partition Type: NTFS
Drive D: | 2.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.91 Gb Total Space | 1.89 Gb Free Space | 98.66% Space Free | Partition Type: FAT

Computer Name: ODIE-LAPTOP | User Name: Odie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Odie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (easytether) -- C:\Windows\System32\drivers\easytthr.sys (Mobile Stream)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/21 22:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 07:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/26 15:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Odie\AppData\Roaming\Mozilla\Extensions
[2012/02/01 01:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/06 19:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/06 19:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/02/01 01:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/21 22:08:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/02 06:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1231115655\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: myspace.com ([home] http in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACDFDF8-2820-462C-91D7-FEA3C4FE6F98}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF760607-1879-4406-AC47-128752A558DA}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Odie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3a7ede5e-3540-11df-8164-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 16:28:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/01 02:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/01 01:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/31 20:59:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/01/31 20:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/01/27 22:21:52 | 000,000,000 | --SD | C] -- C:\Aron2396A
[2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
[2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
[2012/01/27 21:29:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
[2012/01/24 21:55:19 | 000,000,000 | --SD | C] -- C:\Aron24187A
[2012/01/22 21:48:35 | 000,000,000 | --SD | C] -- C:\Aron7362A
[2012/01/22 19:22:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/22 19:22:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/22 19:22:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/22 19:22:50 | 000,000,000 | --SD | C] -- C:\Aron
[2012/01/22 19:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 19:19:17 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
[2012/01/22 18:37:41 | 000,000,000 | --SD | C] -- C:\Friday21376F
[2012/01/22 15:01:18 | 000,000,000 | --SD | C] -- C:\Friday
[2012/01/21 22:23:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 22:09:41 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/21 22:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/21 22:09:40 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/21 22:09:39 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/21 22:09:39 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/21 22:09:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/21 22:09:37 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/21 22:08:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/21 22:08:47 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/21 22:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/21 21:37:21 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
[2012/01/21 14:23:45 | 000,000,000 | R--D | C] -- C:\Users\Odie\Videos
[2012/01/21 14:23:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
[2012/01/21 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Malwarebytes
[2012/01/21 12:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/21 12:17:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/21 12:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 12:16:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/14 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/14 23:39:01 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\MicrosoftNT
[2012/01/14 21:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/01/14 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/14 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/01/14 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\Odie\AppData\Local\Microsoft Help
[2012/01/14 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/14 21:06:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/04 16:39:22 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 16:39:22 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 16:32:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 16:32:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 16:32:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 16:32:10 | 3082,813,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 16:17:35 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2012/02/01 02:26:10 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/31 20:11:35 | 001,749,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 21:10:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.scr
[2012/01/27 21:09:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.com
[2012/01/27 21:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Odie\Desktop\OTL.exe
[2012/01/27 20:59:33 | 376,581,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/24 20:07:52 | 002,039,456 | ---- | M] () -- C:\Users\Odie\Desktop\tdsskiller.zip
[2012/01/24 20:07:24 | 000,684,297 | ---- | M] () -- C:\Users\Odie\Desktop\unhide.exe
[2012/01/22 19:19:16 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\Aron.exe
[2012/01/22 13:57:00 | 000,294,400 | ---- | M] () -- C:\Users\Odie\Desktop\exeHelper.com
[2012/01/22 13:53:40 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.exe
[2012/01/22 13:51:28 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.scr
[2012/01/22 13:50:14 | 001,008,141 | ---- | M] () -- C:\Users\Odie\Desktop\rkill.com
[2012/01/21 22:09:41 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/21 22:09:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/21 22:06:34 | 064,207,032 | ---- | M] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
[2012/01/21 21:38:10 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Odie\Desktop\AppRemover.exe
[2012/01/21 14:21:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Odie\Desktop\dds.scr
[2012/01/21 13:03:16 | 000,302,592 | ---- | M] () -- C:\Users\Odie\Desktop\ycow72iq.exe
[2012/01/21 12:17:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 12:06:06 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Odie\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/15 08:44:35 | 000,001,356 | ---- | M] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
[2012/01/15 08:31:24 | 000,000,640 | ---- | M] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 07:13:25 | 000,000,464 | ---- | M] () -- C:\ProgramData\evfA91U0AmKF44
[2012/01/15 07:11:38 | 000,000,280 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44
[2012/01/14 23:44:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\~evfA91U0AmKF44r
[2012/01/14 23:44:21 | 000,000,616 | ---- | M] () -- C:\Users\Odie\Desktop\System Check.lnk
[2012/01/14 23:14:57 | 000,001,765 | ---- | M] () -- C:\Users\Odie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 16:17:35 | 000,000,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/02/04 16:17:35 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2012/02/01 02:26:10 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/01 02:26:10 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/27 21:10:04 | 3082,813,440 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 20:09:27 | 000,684,297 | ---- | C] () -- C:\Users\Odie\Desktop\unhide.exe
[2012/01/24 20:09:21 | 002,039,456 | ---- | C] () -- C:\Users\Odie\Desktop\tdsskiller.zip
[2012/01/22 19:22:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/22 19:22:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/22 19:22:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/22 19:22:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/22 19:22:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/22 13:56:57 | 000,294,400 | ---- | C] () -- C:\Users\Odie\Desktop\exeHelper.com
[2012/01/22 13:53:21 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.exe
[2012/01/22 13:51:05 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.scr
[2012/01/22 13:49:48 | 001,008,141 | ---- | C] () -- C:\Users\Odie\Desktop\rkill.com
[2012/01/21 22:09:41 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/21 22:03:43 | 064,207,032 | ---- | C] () -- C:\Users\Odie\Desktop\setup_av_free_cnet.exe
[2012/01/21 14:03:46 | 000,302,592 | ---- | C] () -- C:\Users\Odie\Desktop\ycow72iq.exe
[2012/01/21 12:17:48 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/15 08:31:24 | 000,000,640 | ---- | C] () -- C:\Users\Odie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/14 23:44:25 | 000,000,176 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44r
[2012/01/14 23:44:24 | 000,000,280 | ---- | C] () -- C:\ProgramData\~evfA91U0AmKF44
[2012/01/14 23:44:21 | 000,000,616 | ---- | C] () -- C:\Users\Odie\Desktop\System Check.lnk
[2012/01/14 23:44:19 | 000,000,464 | ---- | C] () -- C:\ProgramData\evfA91U0AmKF44
[2011/12/31 23:03:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/04/24 19:30:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/24 19:30:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/24 19:29:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/08 21:40:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/12/27 18:36:49 | 000,001,356 | ---- | C] () -- C:\Users\Odie\AppData\Local\d3d9caps.dat
[2009/03/27 19:58:04 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/01/01 22:01:21 | 000,000,026 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/01 22:01:19 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/01/01 21:25:20 | 000,000,866 | ---- | C] () -- C:\Windows\aolback.exe.lnk
[2008/12/31 22:03:11 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/27 12:54:46 | 000,000,082 | ---- | C] () -- C:\Windows\cosmimmbible.ini
[2008/12/23 18:15:46 | 000,011,264 | ---- | C] () -- C:\Users\Odie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/23 17:31:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/12/23 17:31:30 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/10/24 15:55:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/10/24 15:55:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/10/24 15:55:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/10/24 15:55:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008/10/24 15:28:54 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/10/24 15:28:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/10/24 15:28:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/08/14 13:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 13:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 13:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 13:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 13:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/14 13:02:18 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 001,749,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/01/01 11:37:39 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\Canon
[2009/01/06 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\OpenOffice.org
[2009/03/29 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\TOSHIBA
[2008/12/25 10:39:05 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WildTangent
[2011/04/24 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WinBatch
[2011/11/24 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\Odie\AppData\Roaming\WTouch
[2012/02/04 16:31:01 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Yes, I'm here. I was offline Wednesday and Thursday- I thought I had sent a message to all my members with an open thread. Now I'm trying to catch up.

Please clarify this for me> you did not or could not run the OTL Fix I set up?
And you deleted some files on your own?
 
Please clarify this for me> you did not or could not run the OTL Fix I set up?

I did run the OTL Fix... but I believe that I did something wrong... I copied and pasted all the text that you posted... but the log that showed up gave me the impression that it was unsuccessful.

And I tried to delete the Combofix directories but that is when it said that it was sending my C drive to the recycle bin. So I didn't actually delete anything.
 
Okay, try using the Combofix uninstall first:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Use Windows Explorer to access Computer> Local Drive (C)> Programs. Find the Combofix folder and do right click> Delete. Do the right click> Delete on any other entries you see for Combofix.

There is no reason that doing this will remove the Local Drive. Remember- you have a rogue program that is giving you false Alerts and 'critical system' messages. We have to remove these bad entries.
=========================================
Please help me clarify some issues:
1. You are running the following for NetZero
C:\Program Files\NetZero\exec.exe >> this is listed twice
C:\Program Files\NetZero\exec.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"

Trusted Zone: netzero.com
Trusted Zone: netzero.net

Search term NetZero.com brings up http://www.netzero.net/
Search term NetZero.net brings up http://www.netzero.net/

2. The system is configured to use the Google Public DNS IP addresses. The Google Public DNS IP addresses (IPv4) are as follows: 8.8.8.8; 8.8.4.4. The Google Public DNS IPv6 addresses are as ..When you use Google Public DNS, you are changing your DNS "switchboard" operator from your ISP to Google Public DNS.

3. There are also processes for the following:
NETw5v32.sys Intel® Wireless WiFi Link Driver.
PdaNet Broadband Adapter Drive
Mobile stream EasyTether shares your Android smartphone connection with your PC
Wacom interactive pen

So I'm wondering just how and what you are connecting?
======================================
4. The Install Date is 10/24/2008, but there are no system restore points, no SP for Vista updates, no security updates.

Let's check the system:
Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.

Please post results and answers in next reply.
 
I ran the Combofix /unistall, and it couldn't find any Combofix files to run, so I deleted the "Aron" directory. I didn't see any directories for Combofix either.

The laptop belongs to my dad and he uses AOL and Mobile Stream Easy Tether to connect to the internet (mostly easy tether). I thought he had uninstalled PDANet.

I have a wireless router and that is how I am trying to connect to the internet currently. It is not successfully connecting to my router. (it has before... several times)

Netzero came on the laptop and he thought that he might want to give it a try sometime, he never did.

And the Wacom Interactive Pen is used with Photoshop.

I didn't configure the DNS to use the Google public DNS, unless Easy Tether did that when we installed it.

I ran the MGA Tool and it completed but it won't let me copy the results. It states that it "failed to create output files, hr=0x00706b5. Please Contact Support". It did say that the validation status was Genuine.

I don't know if you are looking for something new, but I did run the MGA Tool before and successfully posted that Log previously, I don't think that we have made any significant changes since I posted that log.
 
Everything I asked you about in my Reply #22 is based on entries I saw in the logs. It appears there may be a conflict about the connection:

Easytether is used to connect. But "I have a wireless router and that is how I am trying to connect to the internet currently. It is not successfully connecting to my router. (it has before... several times)"
There is a pre installed Toshiba process running that launches the Config. Free application which helps in finding and connecting to wireless networks.
C:\Program Files\Toshiba\ConfigFree

The system is configured to use the Google Public DNS IP addresses.
Net Zero is running

There are no System Restore points and no Windows Security updates although the Install Date for the OS is 10/24/2008.

From OTL:
Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7
0x80072EE7 The server name or address could not be resolved.
The Windows Activation was not successful>> see http://support.microsoft.com/kb/931276

I did review the MGA DX report I had you run earlier. But I cannot identify the error of the current run: "failed to create output files, hr=0x00706b5"

Both Combofix and OTL have been unsuccessful in that the Combofix log is missing and the OTL fix won't work.

My best advice for you is to do a reformat and reinstall> get this system cleared of all the unused processes, get it correctly validated and updated. Review all the different processes all running to do the same thing> connect- and decide which should be used and which should be removed.

I am sorry I can't be encouraging on this- the system hasn't been maintained over the years and isn't going to run properly until the conflicts are resolved.
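
The `hr=` values quoted in this thread are Windows HRESULTs, which pack a failure bit, a facility and an error code into one 32-bit number. The following is an added example, not part of the original posts: it pulls the `hr=` values out of the quoted log text and splits them into those fields. The sample text is constructed from the lines quoted above, the name tables are a small subset chosen for this thread, and the second value is decoded literally as it was quoted.

```python
import re

# Constructed sample: the two error strings as quoted in the thread above.
SAMPLE = """\
Error - 1/14/2012 11:28:09 PM | Computer Name = Odie-Laptop | Source = Office Software Protection Platform Service | ID = 1008
Description = Acquisition of Secure Processor Certificate failed. hr=0x80072EE7
failed to create output files, hr=0x00706b5. Please Contact Support
"""

FACILITY_WIN32 = 7
# Small subset of facility names from winerror.h (not the full table).
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32"}
# Small subset of Win32 error codes (wininet.h / winerror.h) seen in this thread.
WIN32_CODES = {
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",  # name or address not resolved
    1717: "RPC_S_UNKNOWN_IF",                   # the interface is unknown
}

HR_RE = re.compile(r"\bhr=0x([0-9A-Fa-f]{1,8})\b")


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    # Only FACILITY_WIN32 codes map onto the Win32 error table.
    name = WIN32_CODES.get(code) if facility == FACILITY_WIN32 else None
    return {
        "hresult": f"0x{value:08X}",
        "failure": bool(value >> 31),  # bit 31 set means failure
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": code,
        "win32_name": name,
    }


def extract_hresults(text):
    """Return a decoded record for every hr=0x... value found in text."""
    return [decode_hresult(int(m.group(1), 16)) for m in HR_RE.finditer(text)]


if __name__ == "__main__":
    for record in extract_hresults(SAMPLE):
        print(record)
```

The second value was quoted with seven hex digits, so it decodes with the failure bit clear; the facility and code fields are unaffected by that.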
 