Solved Warning You're In Danger, Need help nothing is working

S

sandbdogs

Posts: 17   +0
I have read many different threads and forums on how to remove this problem. I do not access to the task manager and when I download programs to remove the problem from another computer it will not work.

I believe my neighbor let her son download something and got this virus/malware/hijack problem. Can someone please help?
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

when I download programs to remove the problem from another computer it will not work.
Click to expand...
More details, please.
What did you try to download and what happens?
 
Warning You're In Danger

I dowloaded Malwarebytes' Anti-Malware and Spyware-Doc. When I tranfer them to the desktop of the infected computer and try to run the programs, I get Application canot be executed. The file mbam-setup-1.50.1.1100.exe is infected. Please activate your antivirus software.

Microsoft Security Essentials is main anit-virus on computer, when it is opened it says: This operation has been cancelled due to ristrictions in effect on this computer. Please contact your system administrator.

I hope this was enough information!
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Broni said:
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
Click to expand...

Since I cannot connect to the internet on the infected computer I wanted to make sure I am doing this correctly.
I will download OTLEP from usable computer and burn it to a cd then follow the steps to boot from cd on infected computer?
 
I booted from CD but could not run the program. Instead I was able to run Malwarebytes and it found several virus so I think I am OK for now!!!
 
Logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5499

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/10/2011 9:16:17 PM
mbam-log-2011-01-10 (21-16-17).txt

Scan type: Quick scan
Objects scanned: 146300
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-10 21:27:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHX2250BT rev.0040000C
Running: el49gtpl.exe; Driver: C:\Users\fiskfam4\AppData\Local\Temp\pwliakoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-12-12.02) - NTFSx86
Run by fiskfam4 at 21:35:26.22 on Mon 01/10/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.947 [GMT -6:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k netsvcs

DDS (Ver_10-12-12.02) - NTFSx86
Run by fiskfam4 at 21:35:26.22 on Mon 01/10/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.947 [GMT -6:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\fiskfam4\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25490
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\fast browser search\ie\tbhelper.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Fast Browser Search: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: att.com\www
Trusted Zone: bellsouth.com\myaccount
Trusted Zone: facebook.com\www
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-10 217032]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-1-10 112592]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-8 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c99c68f4f83717;Google Update Service (gupdate1c99c68f4f83717);c:\program files\google\update\GoogleUpdate.exe [2009-3-3 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-30 21504]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-1-10 366840]
S3 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-1-10 1142224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-10 22:06:04 767952 ----a-w- c:\windows\BDTSupport.dll
2011-01-10 22:06:03 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-01-10 22:06:01 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-01-10 22:06:01 1652688 ----a-w- c:\windows\PCTBDCore.dll
2011-01-10 22:01:16 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-10 22:01:16 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-10 22:01:08 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-10 22:01:08 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-10 22:00:52 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-10 22:00:11 -------- d-----w- c:\users\fiskfam4\appdata\roaming\PC Tools
2011-01-10 22:00:11 -------- d-----w- c:\program files\Spyware Doctor
2011-01-10 22:00:11 -------- d-----w- c:\program files\common files\PC Tools
2011-01-10 22:00:11 -------- d-----w- c:\progra~2\PC Tools
2011-01-10 19:25:27 -------- d-----w- c:\users\fiskfam4\appdata\roaming\Malwarebytes
2011-01-10 19:25:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 19:25:21 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-10 19:25:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 19:25:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 19:12:04 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{627064df-5db4-4079-9d2b-4db1cab66489}\mpengine.dll
2011-01-09 22:49:11 -------- d-----w- c:\users\fiskfam4\DoctorWeb
2011-01-09 08:36:58 -------- d-----w- c:\progra~2\cDeIa01803
2011-01-07 21:01:09 -------- d-sh--w- C:\found.001
2011-01-05 01:25:51 -------- d-----w- c:\program files\MyOwnSuperheroEI
2010-12-28 03:05:08 -------- d-----w- c:\program files\Biography Software
2010-12-26 01:57:10 7168 ----a-w- c:\windows\system32\STDOad86.rra
2010-12-26 01:57:10 4224 ----a-w- c:\windows\system32\STORad86.rra
2010-12-26 01:57:10 326656 ----a-w- c:\windows\system32\msvcac2f.rra
2010-12-26 01:57:10 17920 ----a-w- c:\windows\system32\STDOad77.rra
2010-12-26 01:57:10 177856 ----a-w- c:\windows\system32\TYPEad96.rra
2010-12-26 01:57:09 995383 ----a-w- c:\windows\system32\Mfc4aba3.rra
2010-12-26 01:57:09 933888 ----a-w- c:\windows\system32\MFC4ab45.rra
2010-12-26 01:57:09 266293 ----a-w- c:\windows\system32\MSVCac00.rra
2010-12-26 01:57:04 31184 ----a-w- c:\windows\system32\COMP9620.rra
2010-12-26 01:45:28 7168 ----a-w- c:\windows\system32\STDOf7df.rra
2010-12-26 01:45:28 4224 ----a-w- c:\windows\system32\STORf7ee.rra
2010-12-26 01:45:28 17920 ----a-w- c:\windows\system32\STDOf7de.rra
2010-12-26 01:45:28 177856 ----a-w- c:\windows\system32\TYPEf7ee.rra
2010-12-26 01:45:27 995383 ----a-w- c:\windows\system32\Mfc4f4f1.rra
2010-12-26 01:45:27 933888 ----a-w- c:\windows\system32\MFC4f4a3.rra
2010-12-26 01:45:27 326656 ----a-w- c:\windows\system32\msvcf58d.rra
2010-12-26 01:45:27 266293 ----a-w- c:\windows\system32\MSVCf55f.rra
2010-12-26 01:45:22 31184 ----a-w- c:\windows\system32\COMPe1cf.rra
2010-12-26 01:29:56 7168 ----a-w- c:\windows\system32\STDObe78.rra
2010-12-26 01:29:56 4224 ----a-w- c:\windows\system32\STORbe86.rra
2010-12-26 01:29:56 326656 ----a-w- c:\windows\system32\msvcbd6d.rra
2010-12-26 01:29:56 266293 ----a-w- c:\windows\system32\MSVCbd3f.rra
2010-12-26 01:29:56 17920 ----a-w- c:\windows\system32\STDObe77.rra
2010-12-26 01:29:56 177856 ----a-w- c:\windows\system32\TYPEbe86.rra
2010-12-26 01:29:55 995383 ----a-w- c:\windows\system32\Mfc4bce1.rra
2010-12-26 01:29:55 933888 ----a-w- c:\windows\system32\MFC4bc93.rra
2010-12-26 01:29:50 31184 ----a-w- c:\windows\system32\COMPa971.rra
2010-12-26 01:18:53 7168 ----a-w- c:\windows\system32\STDOa1c4.rra
2010-12-26 01:18:53 4224 ----a-w- c:\windows\system32\STORa1e2.rra
2010-12-26 01:18:53 326656 ----a-w- c:\windows\system32\msvc9fa1.rra
2010-12-26 01:18:53 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2010-12-26 01:18:53 17920 ----a-w- c:\windows\system32\STDOa1c3.rra
2010-12-26 01:18:53 177856 ----a-w- c:\windows\system32\TYPEa1e2.rra
2010-12-26 01:18:53 -------- d-----w- c:\program files\common files\Click2Learn
2010-12-26 01:18:52 995383 ----a-w- c:\windows\system32\Mfc49ddc.rra
2010-12-26 01:18:52 933888 ----a-w- c:\windows\system32\MFC49d11.rra
2010-12-26 01:18:52 266293 ----a-w- c:\windows\system32\MSVC9f33.rra
2010-12-26 01:18:44 31184 ----a-w- c:\windows\system32\COMP7e2c.rra
2010-12-15 01:53:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-12-25 01:58:41 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 21:36:10.40 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/18/2007 12:00:01 PM
System Uptime: 1/10/2011 9:02:37 PM (0 hours ago)

Motherboard: TOSHIBA | | IALAA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket M2/S1G1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 231 GiB total, 136.97 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP524: 12/24/2010 7:59:53 PM - Windows Update
RP525: 12/25/2010 9:23:10 AM - Scheduled Checkpoint
RP526: 12/25/2010 8:48:11 PM - Windows Update
RP527: 12/26/2010 11:24:38 PM - Windows Update
RP528: 12/27/2010 3:18:59 PM - Scheduled Checkpoint
RP529: 12/28/2010 1:27:32 AM - Windows Update
RP530: 12/29/2010 1:37:09 AM - Windows Update
RP531: 12/30/2010 6:10:44 PM - Windows Update
RP532: 1/1/2011 2:06:53 AM - Windows Update
RP533: 1/3/2011 1:29:21 AM - Windows Update
RP534: 1/4/2011 9:02:19 AM - Windows Update
RP535: 1/5/2011 3:58:52 PM - Windows Update
RP536: 1/5/2011 4:05:40 PM - Windows Update
RP538: 1/6/2011 8:34:19 PM - Windows Update
RP539: 1/6/2011 8:41:25 PM - Windows Update
RP540: 1/7/2011 3:14:11 PM - Windows Update
RP541: 1/7/2011 9:26:26 PM - Windows Update
RP542: 1/8/2011 10:30:52 AM - Windows Update
RP543: 1/8/2011 11:20:54 PM - Windows Update
RP544: 1/9/2011 12:53:13 PM - Windows Update
RP545: 1/9/2011 3:55:13 PM - Windows Update
RP546: 1/10/2011 10:21:09 AM - Windows Update
RP547: 1/10/2011 10:29:03 AM - Windows Update
RP548: 1/10/2011 1:30:02 PM - Windows Update
RP549: 1/10/2011 8:43:29 PM - Windows Update

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AIM Toolbar
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Uninstaller
AudibleManager
Bluetooth Stack for Windows by Toshiba
Bonjour
Browser Defender 2.0.6.15
CA eTrust PestPatrol
Camera Assistant Software for Toshiba
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Corel Paint Shop Pro Photo X2
Creative System Information
Creative ZEN
Desktop Dialer
Download Updater (AOL LLC)
DVD MovieFactory for TOSHIBA
Fast Browser Search (My Web Tattoo)
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
iTunes
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
Master Your CDC 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville (remove only)
Napster
Napster Burn Engine
OGA Notifier 2.0.0048.0
oggcodecs 0.71.0946
PDG Gold 4.0
PDG Gold for NCOs - 2009
Picasa 3
PureEdge Viewer 6.5
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Simple 1-2-3 Traditional Memories
Skins
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Music
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Utility Common Driver
Vongo
WildTangent Games
Windows Media Encoder 9 Series
Yahoo! Music Jukebox
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

1/9/2011 9:53:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2011 9:53:16 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/9/2011 9:53:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/9/2011 9:52:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/9/2011 9:52:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/9/2011 9:52:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/9/2011 9:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/9/2011 9:52:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/9/2011 7:33:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 001B9E3779A4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/9/2011 4:59:39 PM, Error: EventLog [6008] - The previous system shutdown at 4:56:34 PM on 1/9/2011 was unexpected.
1/9/2011 2:01:28 AM, Error: EventLog [6008] - The previous system shutdown at 2:00:17 AM on 1/9/2011 was unexpected.
1/9/2011 1:30:29 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
1/9/2011 1:30:14 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/9/2011 1:04:53 PM, Error: EventLog [6008] - The previous system shutdown at 1:02:54 PM on 1/9/2011 was unexpected.
1/8/2011 11:04:10 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ENDERSGAME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D8A7D033-2430-43F6-91A9-49DA7A1. The master browser is stopping or an election is being forced.
1/8/2011 10:27:04 AM, Error: EventLog [6008] - The previous system shutdown at 9:37:55 PM on 1/7/2011 was unexpected.
1/7/2011 9:35:08 PM, Error: EventLog [6008] - The previous system shutdown at 9:31:00 PM on 1/7/2011 was unexpected.
1/7/2011 6:07:56 PM, Error: EventLog [6008] - The previous system shutdown at 4:01:37 PM on 1/7/2011 was unexpected.
1/7/2011 3:10:20 PM, Error: EventLog [6008] - The previous system shutdown at 8:42:57 PM on 1/6/2011 was unexpected.
1/6/2011 8:30:08 PM, Error: EventLog [6008] - The previous system shutdown at 9:57:08 PM on 1/5/2011 was unexpected.
1/5/2011 7:57:56 PM, Error: EventLog [6008] - The previous system shutdown at 7:46:35 PM on 1/5/2011 was unexpected.
1/5/2011 3:54:48 PM, Error: EventLog [6008] - The previous system shutdown at 9:39:17 PM on 1/4/2011 was unexpected.
1/3/2011 7:55:42 PM, Error: EventLog [6008] - The previous system shutdown at 11:56:01 AM on 1/3/2011 was unexpected.
1/3/2011 1:18:13 AM, Error: EventLog [6008] - The previous system shutdown at 2:30:21 AM on 1/2/2011 was unexpected.
1/10/2011 9:28:17 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.13 for the Network Card with network address 001B9E3779A4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
1/10/2011 9:23:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.15 for the Network Card with network address 001B9E3779A4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/10/2011 9:16:53 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B9E3779A4. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/10/2011 9:04:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/10/2011 8:49:46 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/10/2011 4:19:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3606.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
1/10/2011 10:21:38 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B9E3779A4. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/10/2011 1:22:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

==== End Of File ===========================
 
You did it CORRECTLY :)....lol

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A215
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 144):
0x81E4F000 \SystemRoot\system32\ntkrnlpa.exe
0x81E1C000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060A000 \SystemRoot\system32\drivers\acpi.sys
0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
0x80661000 \SystemRoot\system32\drivers\pci.sys
0x80688000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x80692000 \SystemRoot\System32\drivers\partmgr.sys
0x806A1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806A4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806AE000 \SystemRoot\system32\drivers\volmgr.sys
0x806BD000 \SystemRoot\System32\drivers\volmgrx.sys
0x80707000 \SystemRoot\system32\drivers\pciide.sys
0x8070E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8071C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x80749000 \SystemRoot\System32\drivers\mountmgr.sys
0x80759000 \SystemRoot\system32\drivers\atapi.sys
0x80761000 \SystemRoot\system32\drivers\ataport.SYS
0x8077F000 \SystemRoot\system32\drivers\fltmgr.sys
0x807B1000 \SystemRoot\system32\drivers\fileinfo.sys
0x807C1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x87603000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87674000 \SystemRoot\system32\drivers\ndis.sys
0x8777F000 \SystemRoot\system32\drivers\msrpc.sys
0x877AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x87806000 \SystemRoot\System32\drivers\tcpip.sys
0x878F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A0D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B1D000 \SystemRoot\system32\drivers\volsnap.sys
0x87B56000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x87B5B000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x87BA6000 \SystemRoot\System32\Drivers\spldr.sys
0x87BAE000 \SystemRoot\System32\Drivers\mup.sys
0x87BBD000 \SystemRoot\System32\drivers\ecache.sys
0x87BE4000 \SystemRoot\system32\drivers\disk.sys
0x8790B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BF5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8793F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8794A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87953000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8B403000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8BAD8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BB79000 \SystemRoot\System32\drivers\watchdog.sys
0x8BB85000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8BE01000 \SystemRoot\system32\DRIVERS\athr.sys
0x8BFCE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8BB99000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BFD8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BFE7000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8BBD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BFEB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x87963000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x877E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BFF1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x807CA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8BFFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BBEF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BBFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x879F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x805D1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C20D000 \SystemRoot\system32\drivers\tifm21.sys
0x8C25A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C274000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C2A3000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C2E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C2EF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C306000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C311000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C334000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C343000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C357000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C36C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C37C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C37E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C3A8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C3B2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C3BF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x805DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CA07000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8CB23000 \SystemRoot\system32\drivers\modem.sys
0x8CC09000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CDB8000 \SystemRoot\system32\drivers\portcls.sys
0x8CB30000 \SystemRoot\system32\drivers\drmk.sys
0x8CB55000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CDE5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CDEE000 \SystemRoot\System32\Drivers\Null.SYS
0x8CDF5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CB78000 \SystemRoot\System32\drivers\vga.sys
0x8CB84000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CC00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CBA5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CBAD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CBB8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CBC6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CBCF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CBE5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CE01000 \SystemRoot\system32\drivers\afd.sys
0x8CE49000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CE7B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CE91000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CE9F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CEB2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CEEE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CEF8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CF0F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CF26000 \SystemRoot\system32\DRIVERS\UVCFTR_S.SYS
0x8CF2F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CF50000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8CF66000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CF73000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8CF7E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96400000 \SystemRoot\System32\win32k.sys
0x8CF86000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CF90000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96620000 \SystemRoot\System32\TSDDD.dll
0x96640000 \SystemRoot\System32\cdd.dll
0x8CF9F000 \SystemRoot\system32\drivers\luafv.sys
0x99E08000 \SystemRoot\system32\drivers\spsys.sys
0x99EB8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99EC8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x99EF2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99EFC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x99F0F000 \SystemRoot\system32\drivers\HTTP.sys
0x99F7C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x99F99000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99FB2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x99FC7000 \SystemRoot\system32\drivers\mrxdav.sys
0x8CFC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CA0D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CA46000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CA5E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CA86000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CAEC000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9CAF5000 \SystemRoot\system32\drivers\peauth.sys
0x9CBD3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CBDD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77440000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
572 csrss.exe
624 C:\Windows\System32\wininit.exe
636 csrss.exe
668 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
924 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
972 C:\Windows\System32\svchost.exe
1012 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1200 C:\Windows\System32\Ati2evxx.exe
1212 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\audiodg.exe
1424 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\SLsvc.exe
1492 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\Ati2evxx.exe
2028 C:\Windows\explorer.exe
2040 C:\Windows\System32\dwm.exe
256 C:\Windows\System32\taskeng.exe
552 C:\Windows\System32\spoolsv.exe
640 C:\Windows\System32\taskeng.exe
660 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\agrsmsvc.exe
1808 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1108 C:\Program Files\Bonjour\mDNSResponder.exe
1152 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2360 C:\Toshiba\IVP\ISM\pinger.exe
2380 svchost.exe
2392 C:\Windows\System32\svchost.exe
2556 C:\Windows\System32\PSIService.exe
2644 C:\Windows\System32\svchost.exe
2700 C:\Program Files\Microsoft Security Essentials\msseces.exe
2756 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2776 C:\Windows\ehome\ehtray.exe
2824 C:\Toshiba\IVP\swupdate\swupdtmr.exe
2848 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2892 C:\Windows\ehome\ehmsas.exe
2920 C:\Windows\System32\TODDSrv.exe
2940 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2992 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3024 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3040 C:\Windows\System32\svchost.exe
3076 C:\Windows\System32\SearchIndexer.exe
3112 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2324 C:\Program Files\Windows Media Player\wmpnscfg.exe
2540 C:\Program Files\Windows Media Player\wmpnetwk.exe
2488 C:\Windows\System32\SearchProtocolHost.exe
1804 C:\Windows\System32\svchost.exe
1064 C:\Program Files\Internet Explorer\iexplore.exe
2628 C:\Program Files\Internet Explorer\iexplore.exe
2216 C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
300 C:\Windows\System32\wuauclt.exe
2600 C:\Windows\System32\SearchFilterHost.exe
1836 C:\Users\fiskfam4\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHX2250BT, Rev: 0040000C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

ComboFix 11-01-10.08 - fiskfam4 01/11/2011 11:37:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1148 [GMT -6:00]
Running from: c:\users\fiskfam4\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\FbsSearchProtectionUnInstall.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\options.html
c:\program files\Fast Browser Search\IE\searchbutton1.gif
c:\program files\Fast Browser Search\IE\searchbutton2.gif
c:\program files\Fast Browser Search\IE\tbHElper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\Unreg.dll
c:\program files\Fast Browser Search\IE\version.txt
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\fiskfam4\AppData\Roaming\Internet Security Suite
c:\users\fiskfam4\AppData\Roaming\Internet Security Suite\Instructions.ini
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\fiskfam4\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\windows\system32\drivers\etc\host_new
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 03:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C33E335-7C19-46E8-961A-71803099A833}\mpengine.dll
2011-01-10 22:00 . 2011-01-11 17:04 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-10 19:25 . 2011-01-10 19:25 -------- d-----w- c:\users\fiskfam4\AppData\Roaming\Malwarebytes
2011-01-10 19:25 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 19:25 . 2011-01-10 19:25 -------- d-----w- c:\programdata\Malwarebytes
2011-01-10 19:25 . 2011-01-10 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 19:25 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-09 22:49 . 2011-01-10 00:05 -------- d-----w- c:\users\fiskfam4\DoctorWeb
2011-01-09 08:36 . 2011-01-10 19:34 -------- d-----w- c:\programdata\cDeIa01803
2011-01-07 21:01 . 2011-01-07 21:01 -------- d-----w- C:\found.001
2011-01-05 01:25 . 2011-01-05 01:25 -------- d-----w- c:\program files\MyOwnSuperheroEI
2010-12-28 03:05 . 2010-12-28 03:05 -------- d-----w- c:\program files\Biography Software
2010-12-26 01:57 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvcac2f.rra
2010-12-26 01:57 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDOad86.rra
2010-12-26 01:57 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDOad77.rra
2010-12-26 01:57 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORad86.rra
2010-12-26 01:57 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEad96.rra
2010-12-26 01:57 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVCac00.rra
2010-12-26 01:57 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc4aba3.rra
2010-12-26 01:57 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC4ab45.rra
2010-12-26 01:57 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMP9620.rra
2010-12-26 01:45 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDOf7df.rra
2010-12-26 01:45 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDOf7de.rra
2010-12-26 01:45 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORf7ee.rra
2010-12-26 01:45 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEf7ee.rra
2010-12-26 01:45 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvcf58d.rra
2010-12-26 01:45 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVCf55f.rra
2010-12-26 01:45 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc4f4f1.rra
2010-12-26 01:45 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC4f4a3.rra
2010-12-26 01:45 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMPe1cf.rra
2010-12-26 01:29 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvcbd6d.rra
2010-12-26 01:29 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDObe78.rra
2010-12-26 01:29 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVCbd3f.rra
2010-12-26 01:29 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDObe77.rra
2010-12-26 01:29 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORbe86.rra
2010-12-26 01:29 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEbe86.rra
2010-12-26 01:29 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc4bce1.rra
2010-12-26 01:29 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC4bc93.rra
2010-12-26 01:29 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMPa971.rra
2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\Common Files\Click2Learn
2010-12-26 01:18 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvc9fa1.rra
2010-12-26 01:18 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDOa1c4.rra
2010-12-26 01:18 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDOa1c3.rra
2010-12-26 01:18 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORa1e2.rra
2010-12-26 01:18 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEa1e2.rra
2010-12-26 01:18 . 1997-12-08 04:00 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2010-12-26 01:18 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVC9f33.rra
2010-12-26 01:18 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc49ddc.rra
2010-12-26 01:18 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC49d11.rra
2010-12-26 01:18 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMP7e2c.rra
2010-12-15 01:53 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-06-10 03:14 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2010-06-09 01:59 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 15:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-11 22:21 180224 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 05:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 17:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 17:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 14:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-25 18:14 4444160 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-13 22:36 1822720 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarzTray]
2007-12-12 17:05 385024 ----a-w- c:\program files\Vongo\VongoTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-23 04:42 438272 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 12:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c99c68f4f83717;Google Update Service (gupdate1c99c68f4f83717);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 01:30]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 01:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25490
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: att.com\www
Trusted Zone: bellsouth.com\myaccount
Trusted Zone: facebook.com\www
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSConfigStartUp-Internet Security Suite - c:\programdata\88b312\IS88b_2228.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 11:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-01-11 11:50:35
ComboFix-quarantined-files.txt 2011-01-11 17:50

Pre-Run: 147,103,711,232 bytes free
Post-Run: 146,499,080,192 bytes free

- - End Of File - - E8853AE6159CB3A109F82F3D5D60DEFE
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
Folder::
c:\programdata\cDeIa01803

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:25490


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-01-10.08 - fiskfam4 01/11/2011 12:40:42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.929 [GMT -6:00]
Running from: c:\users\fiskfam4\Desktop\ComboFix.exe
Command switches used :: c:\users\fiskfam4\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\cDeIa01803
c:\programdata\cDeIa01803\cDeIa01803

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 18:46 . 2011-01-11 18:47 -------- d-----w- c:\users\fiskfam4\AppData\Local\temp
2011-01-11 18:46 . 2011-01-11 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-11 17:53 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47DF5F1E-A679-4A6E-9CFF-3C1DF18B6724}\mpengine.dll
2011-01-10 22:00 . 2011-01-11 17:04 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-10 19:25 . 2011-01-10 19:25 -------- d-----w- c:\users\fiskfam4\AppData\Roaming\Malwarebytes
2011-01-10 19:25 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 19:25 . 2011-01-10 19:25 -------- d-----w- c:\programdata\Malwarebytes
2011-01-10 19:25 . 2011-01-10 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 19:25 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-09 22:49 . 2011-01-10 00:05 -------- d-----w- c:\users\fiskfam4\DoctorWeb
2011-01-07 21:01 . 2011-01-07 21:01 -------- d-----w- C:\found.001
2011-01-05 01:25 . 2011-01-05 01:25 -------- d-----w- c:\program files\MyOwnSuperheroEI
2010-12-28 03:05 . 2010-12-28 03:05 -------- d-----w- c:\program files\Biography Software
2010-12-26 01:57 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvcac2f.rra
2010-12-26 01:57 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDOad86.rra
2010-12-26 01:57 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDOad77.rra
2010-12-26 01:57 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORad86.rra
2010-12-26 01:57 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEad96.rra
2010-12-26 01:57 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVCac00.rra
2010-12-26 01:57 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc4aba3.rra
2010-12-26 01:57 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC4ab45.rra
2010-12-26 01:57 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMP9620.rra
2010-12-26 01:45 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDOf7df.rra
2010-12-26 01:45 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDOf7de.rra
2010-12-26 01:45 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORf7ee.rra
2010-12-26 01:45 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEf7ee.rra
2010-12-26 01:45 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvcf58d.rra
2010-12-26 01:45 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVCf55f.rra
2010-12-26 01:45 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc4f4f1.rra
2010-12-26 01:45 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC4f4a3.rra
2010-12-26 01:45 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMPe1cf.rra
2010-12-26 01:29 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvcbd6d.rra
2010-12-26 01:29 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDObe78.rra
2010-12-26 01:29 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVCbd3f.rra
2010-12-26 01:29 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDObe77.rra
2010-12-26 01:29 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORbe86.rra
2010-12-26 01:29 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEbe86.rra
2010-12-26 01:29 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc4bce1.rra
2010-12-26 01:29 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC4bc93.rra
2010-12-26 01:29 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMPa971.rra
2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\Common Files\Click2Learn
2010-12-26 01:18 . 2003-04-21 05:54 326656 ----a-w- c:\windows\system32\msvc9fa1.rra
2010-12-26 01:18 . 2003-03-29 05:27 7168 ----a-w- c:\windows\system32\STDOa1c4.rra
2010-12-26 01:18 . 2003-03-29 05:27 17920 ----a-w- c:\windows\system32\STDOa1c3.rra
2010-12-26 01:18 . 1998-09-01 14:17 4224 ----a-w- c:\windows\system32\STORa1e2.rra
2010-12-26 01:18 . 1998-05-12 00:01 177856 ----a-w- c:\windows\system32\TYPEa1e2.rra
2010-12-26 01:18 . 1997-12-08 04:00 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2010-12-26 01:18 . 2003-03-29 05:27 266293 ----a-w- c:\windows\system32\MSVC9f33.rra
2010-12-26 01:18 . 1999-04-27 04:00 995383 ----a-w- c:\windows\system32\Mfc49ddc.rra
2010-12-26 01:18 . 1999-04-24 04:22 933888 ----a-w- c:\windows\system32\MFC49d11.rra
2010-12-26 01:18 . 1998-09-01 14:17 31184 ----a-w- c:\windows\system32\COMP7e2c.rra
2010-12-15 01:53 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-06-10 03:14 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2010-06-09 01:59 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 15:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-11 22:21 180224 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 05:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 17:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 17:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 14:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-25 18:14 4444160 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-13 22:36 1822720 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarzTray]
2007-12-12 17:05 385024 ----a-w- c:\program files\Vongo\VongoTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-23 04:42 438272 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 12:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c99c68f4f83717;Google Update Service (gupdate1c99c68f4f83717);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 01:30]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 01:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: att.com\www
Trusted Zone: bellsouth.com\myaccount
Trusted Zone: facebook.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 12:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-01-11 12:49:58
ComboFix-quarantined-files.txt 2011-01-11 18:49
ComboFix2.txt 2011-01-11 17:50

Pre-Run: 146,528,538,624 bytes free
Post-Run: 146,497,634,304 bytes free

- - End Of File - - 8B000BCD0762096B4A29B6F376D54EEE
 
Good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is working great!!

OTL logfile created on: 1/11/2011 1:17:10 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\fiskfam4\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 136.48 Gb Free Space | 58.98% Space Free | Partition Type: NTFS
Drive D: | 310.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FISKFAM4-PC | User Name: fiskfam4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 13:16:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fiskfam4\Desktop\OTL.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/27 21:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/22 09:59:08 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 13:16:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fiskfam4\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/27 21:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/05/28 19:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/19 20:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/03/20 06:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/27 21:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/25 18:03:58 | 001,771,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/24 23:07:14 | 002,590,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/12 22:47:54 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/12/25 19:35:08 | 000,067,072 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 21:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/30 10:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 17:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/02/14 12:50:00 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 17:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/11/26 20:13:28 | 000,403,693 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13965 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: att.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bellsouth.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.disneyphotopass.com/software/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\fiskfam4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\fiskfam4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/10/29 10:57:56 | 000,000,038 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 13:16:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\fiskfam4\Desktop\OTL.exe
[2011/01/11 12:50:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/11 12:50:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/11 12:50:00 | 000,000,000 | ---D | C] -- C:\Users\fiskfam4\AppData\Local\temp
[2011/01/11 12:38:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/11 11:32:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/11 11:32:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/11 11:32:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/11 11:31:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/10 21:06:29 | 000,000,000 | ---D | C] -- C:\Users\fiskfam4\Desktop\logs
[2011/01/10 16:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/01/10 13:25:27 | 000,000,000 | ---D | C] -- C:\Users\fiskfam4\AppData\Roaming\Malwarebytes
[2011/01/10 13:25:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/10 13:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/10 13:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/10 13:25:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/10 13:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/09 21:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/01/09 16:49:11 | 000,000,000 | ---D | C] -- C:\Users\fiskfam4\DoctorWeb
[2011/01/07 15:01:09 | 000,000,000 | ---D | C] -- C:\found.001
[2011/01/04 19:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\MyOwnSuperheroEI
[2010/12/27 21:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple 1-2-3 Digital Albums
[2010/12/27 21:09:56 | 000,212,992 | ---- | C] (PictureVision Inc.) -- C:\Windows\System32\opccli32.dll
[2010/12/27 21:09:47 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 zip@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2010/12/27 21:09:47 | 000,100,480 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\mmail32.ocx
[2010/12/27 21:09:46 | 000,139,416 | ---- | C] (Wintertree Software Inc. www.wintertree-software.com) -- C:\Windows\System32\WSpell.ocx
[2010/12/27 21:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Biography Software
[2010/12/25 19:18:53 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2010/12/25 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Click2Learn
[2010/12/20 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\fiskfam4\Desktop\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/11 13:16:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fiskfam4\Desktop\OTL.exe
[2011/01/11 13:14:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 13:14:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 13:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/11 12:34:29 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/11 11:29:52 | 004,152,479 | R--- | M] () -- C:\Users\fiskfam4\Desktop\ComboFix.exe
[2011/01/11 11:22:10 | 000,080,384 | ---- | M] () -- C:\Users\fiskfam4\Desktop\MBRCheck.exe
[2011/01/11 11:04:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 13:25:22 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/09 16:46:51 | 000,139,776 | ---- | M] () -- C:\Users\fiskfam4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 16:32:51 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/09 16:32:51 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/04 18:57:37 | 004,142,080 | ---- | M] () -- C:\Users\fiskfam4\Documents\POWAPOINT[1].ppt
[2010/12/29 03:38:02 | 000,056,736 | ---- | M] () -- C:\Users\fiskfam4\Documents\boom.jpg
[2010/12/27 21:10:11 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\Simple 1-2-3 Traditional Memories.lnk
[2010/12/27 21:10:01 | 000,000,288 | ---- | M] () -- C:\Windows\bsc.ini
[2010/12/27 20:55:16 | 000,112,829 | ---- | M] () -- C:\Users\fiskfam4\Documents\Joel Jerome Person.docx
[2010/12/27 20:43:43 | 000,097,152 | ---- | M] () -- C:\Users\fiskfam4\Documents\deloresChristmas.docx
[2010/12/26 20:54:56 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\Master Your CDC.lnk
[2010/12/26 20:53:52 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/12/24 19:58:41 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/14 20:24:29 | 000,405,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/11 11:32:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/11 11:32:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/11 11:32:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/11 11:32:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/11 11:32:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/11 11:29:33 | 004,152,479 | R--- | C] () -- C:\Users\fiskfam4\Desktop\ComboFix.exe
[2011/01/11 11:22:09 | 000,080,384 | ---- | C] () -- C:\Users\fiskfam4\Desktop\MBRCheck.exe
[2011/01/10 13:25:22 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 23:04:19 | 004,142,080 | ---- | C] () -- C:\Users\fiskfam4\Documents\POWAPOINT[1].ppt
[2010/12/29 03:42:49 | 000,056,736 | ---- | C] () -- C:\Users\fiskfam4\Documents\boom.jpg
[2010/12/27 21:10:11 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\Simple 1-2-3 Traditional Memories.lnk
[2010/12/27 21:09:57 | 000,313,693 | ---- | C] () -- C:\Windows\System32\sscebr2.clx
[2010/12/27 21:09:57 | 000,309,534 | ---- | C] () -- C:\Windows\System32\ssceam2.clx
[2010/12/27 21:09:57 | 000,000,152 | ---- | C] () -- C:\Windows\System32\WSpell.lic
[2010/12/27 21:09:56 | 000,000,422 | ---- | C] () -- C:\Windows\System32\MMAIL.LIC
[2010/12/27 21:09:54 | 000,000,499 | ---- | C] () -- C:\Windows\System32\ltocx11.lic
[2010/12/27 21:09:49 | 000,118,784 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
[2010/12/27 21:09:49 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll
[2010/12/27 20:48:21 | 000,112,829 | ---- | C] () -- C:\Users\fiskfam4\Documents\Joel Jerome Person.docx
[2010/12/26 20:48:39 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Master Your CDC.lnk
[2010/12/25 19:18:56 | 000,000,288 | ---- | C] () -- C:\Windows\bsc.ini
[2010/12/22 20:17:43 | 000,097,152 | ---- | C] () -- C:\Users\fiskfam4\Documents\deloresChristmas.docx
[2010/06/09 19:16:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/27 18:46:30 | 000,000,334 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/27 16:25:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/16 10:27:49 | 000,000,110 | ---- | C] () -- C:\ProgramData\{2602B4DC-7F39-4116-941F-7BFCC60D703F}_WiseFW.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/05/05 16:10:10 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/10/04 17:27:48 | 000,139,776 | ---- | C] () -- C:\Users\fiskfam4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/16 19:40:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/16 19:40:55 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/16 19:40:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/16 19:40:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/16 19:40:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/16 19:40:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/16 18:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/16 18:30:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/05/16 18:15:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/16 18:15:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/16 18:15:16 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/16 18:15:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/16 18:13:14 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/04/24 22:57:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/23 15:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/10/27 18:10:31 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\2009 PDG Studyware
[2010/11/22 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\acccore
[2010/10/24 18:15:09 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\CVS
[2008/12/28 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\MusicNet
[2009/02/18 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\PDG Studyware
[2009/08/18 07:40:07 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\PureEdge
[2008/08/19 19:09:53 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\Simple Star
[2009/10/23 15:17:19 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\TOSHIBA
[2008/01/03 16:58:26 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\Ulead Systems
[2007/09/20 22:40:56 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\WildTangent
[2007/08/20 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\fiskfam4\AppData\Roaming\WinBatch
[2011/01/10 21:56:27 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/05/16 17:47:29 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/01/11 12:49:59 | 000,015,887 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/02/06 14:00:54 | 000,066,067 | ---- | M] () -- C:\INSTALL.LOG
[2010/11/22 17:28:21 | 000,000,378 | -H-- | M] () -- C:\IPH.PH
[2011/01/11 11:04:19 | 2325,024,768 | -HS- | M] () -- C:\pagefile.sys
[2010/12/26 20:53:52 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/09 19:31:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 01:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/06/09 17:55:23 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/05/16 17:47:12 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/05/16 17:47:10 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/05/16 17:47:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/05/16 17:47:24 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/05/16 17:47:27 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/09 18:39:15 | 000,000,339 | -HS- | M] () -- C:\Users\fiskfam4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/02/20 16:29:01 | 001,325,052 | ---- | M] () -- C:\Users\fiskfam4\Desktop\CDC-4n051b-2006.EXE
[2007/09/21 16:37:57 | 000,872,574 | ---- | M] () -- C:\Users\fiskfam4\Desktop\CDC-4n071.EXE
[2011/01/11 11:29:52 | 004,152,479 | R--- | M] () -- C:\Users\fiskfam4\Desktop\ComboFix.exe
[2011/01/11 11:22:10 | 000,080,384 | ---- | M] () -- C:\Users\fiskfam4\Desktop\MBRCheck.exe
[2011/01/11 13:16:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fiskfam4\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/08/18 08:38:34 | 000,000,402 | -HS- | M] () -- C:\Users\fiskfam4\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/27 18:47:21 | 000,000,334 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/09/16 10:28:39 | 000,000,110 | ---- | M] () -- C:\ProgramData\{2602B4DC-7F39-4116-941F-7BFCC60D703F}_WiseFW.ini

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
 
OTL Extras logfile created on: 1/11/2011 1:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\fiskfam4\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 136.48 Gb Free Space | 58.98% Space Free | Partition Type: NTFS
Drive D: | 310.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FISKFAM4-PC | User Name: fiskfam4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A14FADA-CFA9-4A87-AAD8-C2F73E148FA6}" = lport=138 | protocol=17 | dir=in | app=system |
"{0E4ABF1C-6018-4FD9-A3A4-4D36D8835DD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1BDBDD9A-652B-4569-89D3-840EA20735B4}" = rport=139 | protocol=6 | dir=out | app=system |
"{2134E228-2949-46B7-A6A9-F575A1A76E59}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{243C4EC7-0189-4E08-9727-1644D7CCD589}" = rport=445 | protocol=6 | dir=out | app=system |
"{4624F668-5F5B-46CD-8BD7-85CD0C132AF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{9517A145-6A3E-49A1-ABAD-7C9F3C14B6E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{9AB6F8B1-9E09-4E89-AE18-C72D80F6A596}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F32677E-2273-4C7E-9EEB-536250D623B5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D15D3D02-ED20-4DC7-A6CA-65A69C9C1133}" = lport=137 | protocol=17 | dir=in | app=system |
"{E847CC05-F9CF-4646-9970-281D2F57AF8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081EC2FC-4A2F-4335-805B-39CB3CFC0D05}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BB0200F-C0C2-4693-A6F6-83BC4ED1EF94}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{1AB48ADB-9557-480A-9ED6-DD7BC7D1AA30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2FD54F10-3F17-4F1E-866A-FA8B2FD5EE86}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{32A19AA2-D00A-490E-A8A9-C50829CC31A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A89C871-5F5D-4517-849E-AB0272CCCE0B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5FEC5D09-C9C0-47A0-9046-59F1E93AE3F0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7101D4B9-774C-4FFB-83C9-29D8698504AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D56C309-4DDA-474D-A320-25520D5E0C7E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7F3441C5-2BD3-4689-AC0C-F6C1961D4F39}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{862CC4C3-9520-43BE-9D62-5EC1BA7E400A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8BE3548F-C440-439B-90EB-CE04B7453A68}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8E651F74-1D85-448E-8681-5051A8DADFBC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{90AD1B55-8C2E-4BEA-A053-5D6D37849306}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9616EE34-732E-4027-A4FC-CAD3138317F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A0E27285-FBF3-4357-BDA4-3EA84EECFC87}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{B13CBD60-6BAC-43FF-9204-B39AE91DC705}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{BF2EFFFD-880A-4D73-BFF6-8AC848CFB09E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD99771B-E5B2-40B5-AA0C-A0EAF8DB82D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CE513C88-9A21-418B-AB73-04BFB2459BC3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{DE72784D-C6EA-4849-AAC1-F547C622335B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8012BC0-E556-4635-8867-8C4E2FD12BC3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F3673C9A-798C-48DD-AD1A-74FC481D5B93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{048CAE7A-228C-4359-B867-C0855FA6E04C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{24CE13BB-3EF4-40D6-9519-BF2546C414BA}C:\programdata\88b312\is88b_2228.exe" = protocol=6 | dir=in | app=c:\programdata\88b312\is88b_2228.exe |
"TCP Query User{26A3FED7-BEDF-4D56-AC44-10F96D53C926}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{49BE5750-3356-4B6A-B9F2-E923FEB9A565}C:\programdata\88b312\is88b_2228.exe" = protocol=6 | dir=in | app=c:\programdata\88b312\is88b_2228.exe |
"TCP Query User{AB9C884A-E668-4D8C-871C-21D2137BF59A}C:\program files\vongo\vongotray.exe" = protocol=6 | dir=in | app=c:\program files\vongo\vongotray.exe |
"TCP Query User{C4A35AD5-57DC-4250-B317-65FB7F285DF7}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"UDP Query User{02F076CA-A990-4140-AFE6-6AE60CA83A0D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{03B750A6-01B3-4A4C-A5E2-87294449A5A9}C:\program files\vongo\vongotray.exe" = protocol=17 | dir=in | app=c:\program files\vongo\vongotray.exe |
"UDP Query User{49F910CA-9B6E-4CDE-A9A9-2D7FE341062F}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"UDP Query User{562E3FFF-B9F5-475E-A799-95D5CAE9802C}C:\programdata\88b312\is88b_2228.exe" = protocol=17 | dir=in | app=c:\programdata\88b312\is88b_2228.exe |
"UDP Query User{AE50F4F6-DEDF-4BB0-BDC6-7740FB5309FB}C:\programdata\88b312\is88b_2228.exe" = protocol=17 | dir=in | app=c:\programdata\88b312\is88b_2228.exe |
"UDP Query User{E13CAE46-9575-49F8-8DBF-A9CC1A2C8703}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish
"{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese
"{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2602B4DC-7F39-4116-941F-7BFCC60D703F}" = PDG Gold for NCOs - 2009
"{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian
"{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional
"{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German
"{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39586F4F-758D-4A92-A5DF-33E9DB9C09D9}" = CA eTrust PestPatrol
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch
"{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard
"{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian
"{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish
"{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian
"{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish
"{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech
"{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian
"{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish
"{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews Vista
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch
"{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New
"{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing
"{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center Graphics Light
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional
"{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FBC03F37-80E6-4115-93BA-D39CE2C5662B}" = Simple 1-2-3 Traditional Memories
"{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar
"ATI Uninstaller" = ATI Uninstaller
"AudibleManager" = AudibleManager
"Desktop Dialer" = Desktop Dialer
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master Your CDC 2.0" = Master Your CDC 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"oggcodecs" = oggcodecs 0.71.0946
"Picasa 3" = Picasa 3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"UnityWebPlayer" = Unity Web Player
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"PDG Gold 4.0" = PDG Gold 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2010 11:46:12 PM | Computer Name = fiskfam4-PC | Source = Google Update | ID = 20
Description =

Error - 6/8/2010 7:09:22 AM | Computer Name = fiskfam4-PC | Source = Google Update | ID = 20
Description =

Error - 6/8/2010 7:11:41 AM | Computer Name = fiskfam4-PC | Source = Google Update | ID = 20
Description =

Error - 6/8/2010 9:01:11 PM | Computer Name = fiskfam4-PC | Source = Google Update | ID = 20
Description =

Error - 6/8/2010 9:27:16 PM | Computer Name = fiskfam4-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/8/2010 9:45:18 PM | Computer Name = fiskfam4-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 6/8/2010 10:49:39 PM | Computer Name = fiskfam4-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/9/2010 7:45:43 PM | Computer Name = fiskfam4-PC | Source = WerSvc | ID = 5007
Description =

Error - 6/9/2010 8:34:12 PM | Computer Name = fiskfam4-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/9/2010 9:55:20 PM | Computer Name = fiskfam4-PC | Source = ESENT | ID = 215
Description = WinMail (2340) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

[ Media Center Events ]
Error - 1/28/2008 10:41:20 PM | Computer Name = fiskfam4-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 5/29/2008 7:19:36 PM | Computer Name = fiskfam4-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 11:06:37 PM | Computer Name = fiskfam4-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 10/9/2010 8:52:05 PM | Computer Name = fiskfam4-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 1/10/2011 11:49:46 PM | Computer Name = fiskfam4-PC | Source = DCOM | ID = 10016
Description =

Error - 1/10/2011 11:56:16 PM | Computer Name = fiskfam4-PC | Source = DCOM | ID = 10010
Description =

Error - 1/11/2011 1:05:08 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/11/2011 1:21:21 PM | Computer Name = fiskfam4-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.8 for the Network Card with network
address 001B9E3779A4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/11/2011 1:31:57 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/11/2011 1:35:52 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/11/2011 1:45:48 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/11/2011 2:39:07 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/11/2011 2:40:12 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/11/2011 2:47:01 PM | Computer Name = fiskfam4-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >
 
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O15 - HKCU\..Trusted Domains: att.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bellsouth.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2009/09/27 16:25:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 

Similar threads

midian182
OneDrive users must justify why they are closing the app before exiting (Updated)
Replies
17
Views
913
Nobina
Nobina
midian182
Avast Free Antivirus: Testing its features and learning about the six layers of protection
Replies
0
Views
746
midian182
midian182
midian182
2K Games confirms user details were stolen in data breach last month
Replies
3
Views
791
passwordistaco
P

Latest posts

Back