
Redirecting Virus On Internet Explorer and Mozilla


  • This topic is locked
12 replies to this topic

#1 pinupdollash (Members, 7 posts)

Posted 07 September 2010 - 01:22 PM

I have a Toshiba Laptop that runs Windows Vista.

I recently had the big problem of my computer screen going black and wasn't able to load anything. It all started when I tried purchasing tickets on Fandango. My Avast! started going crazy with Trojan pop-ups and then all of a sudden "Spyware Doctor" had downloaded itself to my computer. With that came the black screen. I would log in to my Windows account, but once I logged in the screen was completely pitch black. I could open up the Task Manager, but when I would try running Internet Explorer a message would pop up saying the file could not be opened because it contained a virus. I took it to get repaired. It loads fine now, but the problem now is Internet Explorer and Mozilla keep redirecting me to random websites on Google. Both programs are running slow. I'm very frustrated; I've tried everything! Malwarebytes isn't catching any problems, but Avast! keeps bringing up these three "threats":
C:\Windows\explorer.exe
C:\Windows\System32\wininit.exe
C:\Windows\explorer.exe
Why there are two explorer.exe I don't know. When I try moving or repairing the threats it keeps saying "error: read only file". I don't know what to do anymore! I had gotten rid of the redirecting virus before and didn't have it for a few months. But ever since I went on Fandango and caught the virus that made my computer screen stay black it hasn't been the same. The thing doesn't want to go away and it is very annoying! What can I do?

I am very new to this website so forgive me if I post anything incorrectly. Thank You!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ashley Marie at 10:23:18.71 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.872 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ashley Marie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [dmadmin.exe] c:\users\ashley~1\appdata\local\temp\dmadmin.exe
uRun: [Data Protection] "c:\users\ashley marie\appdata\roaming\data protection\datprot.exe" -noscan
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [XBV6RD5SZF] c:\users\ashley~1\appdata\local\temp\Ffd.exe
uRun: [newsecureapp70700.exe] c:\users\ashley marie\appdata\roaming\aca7be0bb4b5ef17d727d15d06c36b19\newsecureapp70700.exe
uRun: [pmhepigh] c:\users\ashley marie\appdata\local\iwflntoci\oqdlkjbshdw.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Skytel] Skytel.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\ashley~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 nnklii.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ashley~1\appdata\roaming\mozilla\firefox\profiles\014tvtnb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-4 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-6 165456]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090406.001\IDSvix86.sys [2009-4-8 272432]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-9 20384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-6 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-18 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-9 954368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-18 15008]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-06 13:07:00 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-06 13:06:47 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 01:10:23 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-09-01 01:10:23 57752 ------w- c:\windows\system32\rpcnet.exe
2010-09-01 01:03:36 0 d-----w- c:\users\ashley~1\appdata\roaming\WinBatch
2010-09-01 01:03:35 0 d-----w- C:\slb8v220
2010-09-01 00:37:14 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-09-01 00:36:51 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-27 03:12:09 0 d-----w- c:\programdata\Update
2010-08-27 03:11:35 0 d-----w- c:\users\ashley~1\appdata\roaming\ACA7BE0BB4B5EF17D727D15D06C36B19
2010-08-26 09:17:39 79360 --sha-r- c:\windows\system32\icfupgda.dll
2010-08-25 21:36:27 23040 ----a-w- c:\windows\system32\instm32.exe
2010-08-25 21:36:25 9728 ----a-w- c:\windows\system32\wceprv.dll
2010-08-25 21:36:21 33792 ----a-w- c:\windows\system32\identprv.dll
2010-08-25 21:36:19 13312 ----a-w- c:\windows\system32\DIAGDLL64.DLL
2010-08-23 07:29:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 00:27:21 0 d-----w- c:\users\ashley marie\Blackberry
2010-08-14 16:57:42 2352341 ----a-w- c:\users\ashley marie\SAM_0024_Edited.JPG
2010-08-14 10:38:51 0 d-----w- c:\program files\Samsung
2010-08-14 10:38:48 0 d-----w- c:\users\ashley~1\appdata\roaming\Intelli-studio
2010-08-10 20:39:54 0 d-----w- c:\users\ashley marie\Movies
2010-08-10 19:09:10 0 d-----w- C:\My Videos
2010-08-10 19:08:48 0 d-----w- c:\users\ashley~1\appdata\roaming\aHisoft

==================== Find3M ====================

2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-01 06:23:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-01 06:23:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-01 06:23:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-04-13 10:34:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-14 03:46:35 1880 ----a-w- c:\program files\Desktop Manager.lnk
2009-09-14 03:42:27 322411792 ----a-w- c:\program files\5_1_.0.0_Release021_multilanguage.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-31 01:11:20 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-01-31 01:11:17 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 10:24:45.37 ===============
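The Pseudo HJT section of the DDS log above carries most of the evidence a helper would act on: Internet Explorer's ProxyServer points at 127.0.0.1:6522 (a local listener that can rewrite every request, which is the usual mechanism behind "search results redirect"), Firefox's prefs.js has the same host and port (though network.proxy.type is 0, so Firefox is not currently using it), several uRun entries launch executables from Temp and AppData under random names, and the LSA Authentication Packages value lists nnklii.dll next to the default msv1_0. The script below is an added example, not part of this thread or of DDS: it re-reads lines copied from that report with heuristic rules of my own (the rule names, severities and the "user-writable directory" markers are assumptions) and prints what a first-pass triage would flag.

```python
"""Triage a DDS 'Pseudo HJT Report' with simple indicator rules.

Added example, not DDS output. SAMPLE_REPORT holds lines copied from the
report in this thread; the rules and severity labels are the author's own
heuristics, not anything DDS or BleepingComputer publishes.
"""
import re

SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [dmadmin.exe] c:\users\ashley~1\appdata\local\temp\dmadmin.exe
uRun: [Data Protection] "c:\users\ashley marie\appdata\roaming\data protection\datprot.exe" -noscan
uRun: [XBV6RD5SZF] c:\users\ashley~1\appdata\local\temp\Ffd.exe
uRun: [newsecureapp70700.exe] c:\users\ashley marie\appdata\roaming\aca7be0bb4b5ef17d727d15d06c36b19\newsecureapp70700.exe
uRun: [pmhepigh] c:\users\ashley marie\appdata\local\iwflntoci\oqdlkjbshdw.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 nnklii.dll
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
"""

# IE proxy pointed at the local host: a listener on this machine sees all HTTP.
IE_PROXY_RE = re.compile(r"ProxyServer = .*?(127\.0\.0\.1|localhost)", re.I)
# Same thing in the Firefox profile; network.proxy.type decides if it is used.
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.http - (127\.0\.0\.1|localhost)", re.I)
FF_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)")
RUN_RE = re.compile(r"^[um]Run: \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'"?(.*?\.(?:exe|dll|scr|com))"?', re.I)
LSA_RE = re.compile(r"^LSA: Authentication Packages = (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (.+)$")

# Directories a non-admin user can write to (assumed markers for this demo).
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def triage(report):
    """Return a list of (severity, rule, line) for every line a rule fires on."""
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]

    # Pre-scan: Firefox only honours the http proxy when proxy.type is 1.
    ff_type = None
    for line in lines:
        m = FF_TYPE_RE.match(line)
        if m:
            ff_type = int(m.group(1))

    findings = []
    for line in lines:
        if IE_PROXY_RE.search(line):
            findings.append(("high", "loopback-proxy", line))
        elif FF_PROXY_RE.match(line):
            if ff_type == 0:
                findings.append(("info", "loopback-proxy-configured-but-disabled", line))
            else:
                findings.append(("high", "loopback-proxy", line))
        elif RUN_RE.match(line):
            value = RUN_RE.match(line).group(2)
            em = EXE_RE.match(value)
            path = (em.group(1) if em else value).lower()
            # Autostart binaries under the user's profile are the classic
            # drop location for the "random name in Temp/AppData" pattern.
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(("high", "run-key-in-user-writable-dir", line))
        elif LSA_RE.match(line):
            packages = LSA_RE.match(line).group(1).split()
            # msv1_0 is the stock package; anything else loads into lsass.exe.
            if [p for p in packages if p.lower() != "msv1_0"]:
                findings.append(("critical", "lsa-auth-package", line))
        elif APPINIT_RE.match(line):
            # AppInit_DLLs loads into every user32 process; benign users exist
            # (Google Desktop here), so this is a review item, not a verdict.
            findings.append(("review", "appinit-dlls", line))
    return findings


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_REPORT):
        print(f"[{severity:8}] {rule:40} {line}")
```

Two design points: the Firefox proxy finding is downgraded rather than dropped, because a prefs.js entry that is switched off today can be switched on by the same malware tomorrow, and the AppInit_DLLs rule deliberately reports "review" because the value in this log belongs to Google Desktop; the rule exists to surface the injection point, not to convict whatever is in it.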



#2 myrti (Sillyberry; Malware Study Hall Admin, 33,784 posts)

Posted 13 September 2010 - 12:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
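The /md5start ... /md5stop block in the custom scan above asks OTL to hash a fixed set of storage drivers and logon DLLs. A hash of a file on the suspect machine means nothing on its own; it becomes evidence when compared with the hash of the same file from a clean install at the same patch level, because a rootkit that patches a driver in place leaves the size and timestamp plausible while the digest changes. The following is an added example of that comparison, not OTL's code: the file contents and the baseline are constructed stand-ins (not real driver bytes or real hashes), and the on-disk reader is shown only to illustrate where real input would come from.

```python
"""Compare hashes of boot-critical files against a known-good baseline.

Added example, not part of OTL or of this thread. CLEAN and SUSPECT are
constructed byte strings that stand in for file contents; a real baseline
comes from a clean machine at the same patch level or from the vendor's
catalog, never from the machine under investigation.
"""
import hashlib
import os

# Constructed stand-ins for a clean install (NOT real driver bytes).
CLEAN = {
    "atapi.sys": b"MZ clean atapi.sys image",
    "iaStor.sys": b"MZ clean iaStor.sys image",
    "scecli.dll": b"MZ clean scecli.dll image",
    "netlogon.dll": b"MZ clean netlogon.dll image",
}

# Constructed stand-ins for the suspect machine: iaStor.sys has had bytes
# overwritten in place (same length as the clean file), netlogon.dll is absent.
SUSPECT = {
    "atapi.sys": CLEAN["atapi.sys"],
    "iaStor.sys": b"MZ patch iaStor.sys image",
    "scecli.dll": CLEAN["scecli.dll"],
}


def file_digest(data, algo="md5"):
    """Hex digest of a file's bytes; md5 matches what OTL reports."""
    return hashlib.new(algo, data).hexdigest()


def build_baseline(files, algo="md5"):
    """name -> digest for a set of known-clean files."""
    return {name: file_digest(data, algo) for name, data in files.items()}


def compare(observed, baseline, algo="md5"):
    """Classify each observed file as ok / mismatch / unexpected / missing."""
    verdict = {"ok": [], "mismatch": [], "unexpected": [], "missing": []}
    for name, data in sorted(observed.items()):
        digest = file_digest(data, algo)
        if name not in baseline:
            verdict["unexpected"].append(name)      # nothing to compare against
        elif digest == baseline[name]:
            verdict["ok"].append(name)
        else:
            verdict["mismatch"].append(name)        # same name, different bytes
    # A baseline file that is not on disk is also worth a look: some rootkits
    # hide the patched file from normal directory listings.
    verdict["missing"] = sorted(n for n in baseline if n not in observed)
    return verdict


def read_from_disk(root, names):
    """Read real files the way a scanner would; absent files are skipped."""
    observed = {}
    for name in names:
        try:
            with open(os.path.join(root, name), "rb") as fh:
                observed[name] = fh.read()
        except OSError:
            pass
    return observed


if __name__ == "__main__":
    baseline = build_baseline(CLEAN)
    for category, names in compare(SUSPECT, baseline).items():
        print(f"{category:10} {names}")
```

Two practical caveats: the mismatch on iaStor.sys shows up even though the patched file is exactly the clean file's length, which is why a hash list beats a size or date check for this job; and MD5 is adequate here only because the question is "was this file altered", not "could an attacker craft a second file with the same digest". A baseline built today should use SHA-256, which is why `algo` is a parameter.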




#3 pinupdollash (Topic Starter; Members, 7 posts)

Posted 16 September 2010 - 05:53 AM

Hello! Thank you for your help! Sorry for the late response. I wasn't notified there was a response. Here are the requested files:

OTL Txt:


OTL logfile created on: 9/16/2010 2:08:20 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Ashley Marie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.34 Gb Total Space | 79.23 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHLEYMARIE-PC
Current User Name: Ashley Marie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 02:05:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley Marie\Downloads\OTL.exe
PRC - [2010/08/31 18:09:51 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/08/18 01:46:58 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/08/18 01:46:56 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 18:39:43 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/09 14:53:01 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/08/04 14:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/25 16:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/02 14:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 12:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 16:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/21 08:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/06 14:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 14:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 19:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 02:05:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley Marie\Downloads\OTL.exe
MOD - [2009/04/10 23:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 19:24:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/08/31 18:09:51 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/08/18 01:46:56 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/23 16:34:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 18:39:43 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/18 11:49:59 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/04 14:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/21 08:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/06 14:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 19:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 19:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/08/21 19:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090410.040\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090410.040\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2010/08/18 01:47:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 01:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/16 03:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/25 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 02:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/16 08:02:21 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/09 15:59:20 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090406.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/28 16:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/12 19:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 19:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 17:26:08 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/31 11:51:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 11:51:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 11:51:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 09:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 12:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/08 11:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/08 23:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/08 23:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 6522
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 16:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/03 16:49:42 | 000,000,000 | ---D | M]

[2010/09/03 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Ashley Marie\AppData\Roaming\Mozilla\Extensions
[2009/02/27 08:03:04 | 000,000,000 | ---D | M] -- C:\Users\Ashley Marie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/09 13:57:20 | 000,000,000 | ---D | M] -- C:\Users\Ashley Marie\AppData\Roaming\Mozilla\Firefox\Profiles\014tvtnb.default\extensions
[2010/09/03 18:23:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ashley Marie\AppData\Roaming\Mozilla\Firefox\Profiles\014tvtnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 16:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/21 19:41:12 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\Windows\System32\PRISMSVR.EXE File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [Data Protection] C:\Users\Ashley Marie\AppData\Roaming\Data Protection\datprot.exe File not found
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [dmadmin.exe] C:\Users\ASHLEY~1\AppData\Local\Temp\dmadmin.exe File not found
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [newsecureapp70700.exe] C:\Users\Ashley Marie\AppData\Roaming\ACA7BE0BB4B5EF17D727D15D06C36B19\newsecureapp70700.exe File not found
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [pmhepigh] C:\Users\Ashley Marie\AppData\Local\iwflntoci\oqdlkjbshdw.exe File not found
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [TOSCDSPD] File not found
O4 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000..\Run: [XBV6RD5SZF] C:\Users\ASHLEY~1\AppData\Local\Temp\Ffd.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Users\Ashley Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4040486158-3992114278-3609345227-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ashley Marie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ashley Marie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (nnklii.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{067f3ec2-83ea-11df-8a83-001e339134f4}\Shell\AutoRun\command - "" = E:\MULTIM~1.EXE -- File not found
O33 - MountPoints2\{067f3ec2-83ea-11df-8a83-001e339134f4}\Shell\doubleTwist\command - "" = E:\MULTIM~1.EXE -- File not found
O33 - MountPoints2\{0713ffe4-a5d5-11df-97a1-001e339134f4}\Shell - "" = AutoRun
O33 - MountPoints2\{0713ffe4-a5d5-11df-97a1-001e339134f4}\Shell\AutoRun\command - "" = E:\iStudio.exe -- File not found
O33 - MountPoints2\{37473f9b-2261-11df-8f6b-001e339134f4}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{37473f9b-2261-11df-8f6b-001e339134f4}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{c3b1a367-a50a-11de-b082-001e339134f4}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{c3b1a367-a50a-11de-b082-001e339134f4}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 01:55:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\AppData\Local\vyityifet
[2010/09/07 11:33:38 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\V Files
[2010/09/06 06:07:02 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/06 06:07:02 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/06 06:07:02 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 06:07:01 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/06 06:07:00 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/06 06:06:47 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/06 06:06:47 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/09/03 16:51:26 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\AppData\Local\Mozilla
[2010/08/31 18:10:23 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2010/08/31 18:10:23 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/08/31 18:03:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\AppData\Roaming\WinBatch
[2010/08/31 18:03:35 | 000,000,000 | ---D | C] -- C:\slb8v220
[2010/08/26 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\AppData\Local\iwflntoci
[2010/08/26 20:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/26 20:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/26 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\AppData\Local\Windows Server
[2010/08/26 20:11:35 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\AppData\Roaming\ACA7BE0BB4B5EF17D727D15D06C36B19
[2010/08/26 19:55:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/25 14:36:27 | 000,023,040 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\instm32.exe
[2010/08/25 14:36:25 | 000,009,728 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\wceprv.dll
[2010/08/25 14:36:21 | 000,033,792 | ---- | C] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2010/08/25 14:36:19 | 000,013,312 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\DIAGDLL64.DLL
[2010/08/23 00:29:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/19 17:27:21 | 000,000,000 | ---D | C] -- C:\Users\Ashley Marie\Blackberry
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/16 02:13:16 | 003,407,872 | -HS- | M] () -- C:\Users\Ashley Marie\ntuser.dat
[2010/09/16 02:01:43 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/16 01:59:59 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/09/16 01:59:57 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/09/16 01:59:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/16 01:59:29 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\UPHUAAULGF.job
[2010/09/16 01:59:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 01:59:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 01:59:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 01:59:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 01:58:58 | 2009,063,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 01:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 23:48:09 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CCE31FDF-2E47-44D4-B41F-4CDDDEF75076}.job
[2010/09/15 14:07:29 | 000,524,288 | -HS- | M] () -- C:\Users\Ashley Marie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 14:07:29 | 000,065,536 | -HS- | M] () -- C:\Users\Ashley Marie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/15 14:06:53 | 001,893,820 | -H-- | M] () -- C:\Users\Ashley Marie\AppData\Local\IconCache.db
[2010/09/15 14:01:23 | 000,348,399 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\MirandaKerrnun.jpg
[2010/09/14 21:37:35 | 001,013,120 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\Intro_Colonial_LAmerica.pdf
[2010/09/14 20:55:02 | 003,777,185 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\latin his2.xps
[2010/09/14 20:31:12 | 000,720,424 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/14 20:31:12 | 000,616,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/14 20:31:12 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/14 20:28:48 | 000,032,768 | ---- | M] () -- C:\Users\Ashley Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/14 20:25:38 | 004,771,768 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\latin his..xps
[2010/09/14 19:16:06 | 000,410,024 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\yhuu.jpg
[2010/09/14 19:16:06 | 000,410,024 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\IMAG0008.jpg
[2010/09/14 19:10:03 | 001,442,176 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\Sexy Babe.jpg
[2010/09/14 18:50:06 | 000,601,799 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\IMAG0010.jpg
[2010/09/12 23:12:53 | 001,038,302 | ---- | M] () -- C:\Users\Ashley Marie\Pic3.jpg
[2010/09/12 23:11:55 | 000,895,906 | ---- | M] () -- C:\Users\Ashley Marie\Pic2.jpg
[2010/09/12 23:08:24 | 001,210,174 | ---- | M] () -- C:\Users\Ashley Marie\Pic1.jpg
[2010/09/12 05:00:02 | 220,695,087 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/06 12:28:28 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010/09/06 06:07:03 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/06 06:07:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/03 16:49:46 | 000,001,719 | ---- | M] () -- C:\Users\Ashley Marie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/03 16:49:46 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/03 07:40:30 | 000,000,954 | ---- | M] () -- C:\Users\Ashley Marie\Desktop\Launch Internet Explorer Browser.lnk
[2010/08/31 18:09:51 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2010/08/22 18:53:10 | 000,114,968 | ---- | M] () -- C:\Users\Ashley Marie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/22 18:51:57 | 002,332,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 14:01:42 | 000,348,399 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\MirandaKerrnun.jpg
[2010/09/14 21:37:35 | 001,013,120 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\Intro_Colonial_LAmerica.pdf
[2010/09/14 20:56:36 | 003,777,185 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\latin his2.xps
[2010/09/14 20:28:40 | 004,771,768 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\latin his..xps
[2010/09/14 19:16:20 | 000,410,024 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\yhuu.jpg
[2010/09/14 19:10:01 | 001,442,176 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\Sexy Babe.jpg
[2010/09/14 18:50:05 | 000,601,799 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\IMAG0010.jpg
[2010/09/14 18:48:15 | 000,410,024 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\IMAG0008.jpg
[2010/09/12 23:12:51 | 001,038,302 | ---- | C] () -- C:\Users\Ashley Marie\Pic3.jpg
[2010/09/12 23:11:52 | 000,895,906 | ---- | C] () -- C:\Users\Ashley Marie\Pic2.jpg
[2010/09/12 23:08:21 | 001,210,174 | ---- | C] () -- C:\Users\Ashley Marie\Pic1.jpg
[2010/09/06 12:27:36 | 2009,063,424 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/06 06:07:03 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/03 16:49:46 | 000,001,719 | ---- | C] () -- C:\Users\Ashley Marie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/03 16:49:46 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/03 07:40:30 | 000,000,954 | ---- | C] () -- C:\Users\Ashley Marie\Desktop\Launch Internet Explorer Browser.lnk
[2010/08/31 17:37:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/08/31 17:36:51 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/08/26 02:17:39 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\UPHUAAULGF.job
[2010/08/24 09:01:12 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 18:05:36 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/29 18:01:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/02 23:34:31 | 000,004,096 | -H-- | C] () -- C:\Users\Ashley Marie\AppData\Local\keyfile3.drm
[2009/09/24 01:53:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/13 20:46:35 | 000,001,880 | ---- | C] () -- C:\Program Files\Desktop Manager.lnk
[2009/09/13 20:41:44 | 322,411,792 | ---- | C] () -- C:\Program Files\5_1_.0.0_Release021_multilanguage.exe
[2009/06/10 18:33:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/10 20:28:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/08 12:03:26 | 000,000,680 | ---- | C] () -- C:\Users\Ashley Marie\AppData\Local\d3d9caps.dat
[2009/01/31 14:57:43 | 000,032,768 | ---- | C] () -- C:\Users\Ashley Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/30 18:11:20 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/01/30 18:11:17 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/01/09 14:15:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/09 14:15:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/09 14:15:47 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/09 14:15:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/18 11:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 11:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 11:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 11:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 11:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/24 20:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008/03/24 20:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008/03/25 20:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008/03/25 20:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/03/11 23:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/11 23:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/11 23:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/11 23:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2006/11/08 23:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/08 23:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2005/09/27 01:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/09/16 01:59:29 | 000,000,326 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\UPHUAAULGF.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/18 10:51:06 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/08/18 10:51:02 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/08/18 10:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/08/18 10:51:12 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/08/18 10:51:13 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/28 13:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/07/12 01:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/06/18 08:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 08:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Sleeve Writing.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Justin__s_Japanese_Half_Sleeve_by_zradkins.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\japanese_dragon_half_sleeve_by_bjsxiii.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Japanese Sleeve.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Japanese Dragon.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Img160110_tattoo-alex-japanese.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Img155984_samurai_inside_small_cropped.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Img154975_2674554626_6fc067d077_b.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ashley Marie\Documents\Img152662_robs_tattoo_by_Vargas2008_053.jpg:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52
< End of report >


AND Extra txt:

OTL Extras logfile created on: 9/16/2010 2:08:20 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Ashley Marie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.34 Gb Total Space | 79.23 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHLEYMARIE-PC
Current User Name: Ashley Marie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4040486158-3992114278-3609345227-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A8700C-7AF4-4ACD-82E2-E44612546E0F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0E7B161D-C5C4-45F5-916A-535E8E1780E9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{33934CE2-5B2A-41C1-AC27-86BB588D5AA2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3A8B5F6C-1E2F-4781-AC9E-8816EBFCA251}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C78ED55-CD3F-437E-8308-4C1E95F4E213}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4E5A13DA-D0B4-4D4F-848F-F11F5F3A6221}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EB54DC9-CCCE-479B-9503-C123DCB2561B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{52B633E4-F740-4D16-A81D-DF45A53131C0}" = rport=445 | protocol=6 | dir=out | app=system |
"{52C0DF1F-F772-4077-B37B-4547A0A4B5DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F39F455-D946-4C5D-8D4B-9C956E7F728B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{62A03ED5-FC2A-4CDD-AFBB-3E5F62D3D4B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{6ACB5CDB-2075-4E19-BAFB-70BC55C64A72}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{91AC5C8B-3C89-4794-84BB-BA47CF684014}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98940150-81B2-455D-980F-0315EC828557}" = rport=139 | protocol=6 | dir=out | app=system |
"{D586B760-7744-4621-8DF0-AB62ADC412FC}" = lport=139 | protocol=6 | dir=in | app=system |
"{FF6D3499-6E58-4EDC-9F1C-C4B23126F018}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091C0376-8711-4E0A-BDDA-317E186D5227}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0AB6568A-9BA8-4F8D-AD88-E83BA4B4B759}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{13969888-8928-4EC7-8A61-9FBC35C6491F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1C529C01-3651-464A-849D-292EB354F56C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{91454075-F935-470D-ADFE-0D8A524A74C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94F3CEB6-0F02-420F-B7F0-C89F233E96DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5EE2040-EED4-4B2F-B1EA-1B9406F11632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E2C31813-5448-4DFD-93CB-F6444BFB587A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5686A83-B1BE-4F02-9315-DE8CEAC42652}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F32DD636-36DE-45AD-8AF4-F77B0FD2179A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C7BD4D35-6103-4E14-BA72-9D82DB8466F5}" = SymNet
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Intelli-studio" = SAMSUNG Intelli-studio
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Picasa 3" = Picasa 3
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2010 8:43:57 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:43:57 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:43:57 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:43:58 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:43:58 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:43:59 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:43:59 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:44:01 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:44:01 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 8:44:42 PM | Computer Name = ASHLEYMARIE-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 4/4/2009 5:35:25 PM | Computer Name = ASHLEYMARIE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/5/2009 5:34:17 AM | Computer Name = ASHLEYMARIE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/30/2009 5:35:24 AM | Computer Name = ASHLEYMARIE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/14/2010 4:39:30 PM | Computer Name = ASHLEYMARIE-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® ICH9 Family PCI Express Root Port 2 - 2942' (PCI\VEN_8086&DEV_2942&SUBSYS_FF661179&REV_03\3&21436425&0&E1)
disappeared from the system without first being prepared for removal.

Error - 9/14/2010 4:39:30 PM | Computer Name = ASHLEYMARIE-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&c8c337f&0&00E1)
disappeared from the system without first being prepared for removal.

Error - 9/14/2010 4:43:08 PM | Computer Name = ASHLEYMARIE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/14/2010 6:22:10 PM | Computer Name = ASHLEYMARIE-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:32:20 PM on 9/14/2010 was unexpected.

Error - 9/14/2010 6:22:59 PM | Computer Name = ASHLEYMARIE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/14/2010 9:22:59 PM | Computer Name = ASHLEYMARIE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/15/2010 4:50:59 PM | Computer Name = ASHLEYMARIE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/16/2010 2:46:30 AM | Computer Name = ASHLEYMARIE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/16/2010 4:59:02 AM | Computer Name = ASHLEYMARIE-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:57:17 AM on 9/16/2010 was unexpected.

Error - 9/16/2010 5:00:04 AM | Computer Name = ASHLEYMARIE-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >



#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 16 September 2010 - 10:21 AM

Hi,

let me know if the notifications don't return.

Please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 pinupdollash
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 16 September 2010 - 10:35 PM

Ok, here is the ComboFix log:

ComboFix 10-09-16.04 - Ashley Marie 09/16/2010 17:33:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.676 [GMT -7:00]
Running from: c:\users\Ashley Marie\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ashley Marie\AppData\Local\Windows Server
c:\users\Ashley Marie\AppData\Local\Windows Server\admin.txt
c:\users\Ashley Marie\AppData\Local\Windows Server\flags.ini
c:\users\Ashley Marie\AppData\Local\Windows Server\server.dat
c:\users\Ashley Marie\AppData\Local\Windows Server\uses32.dat
c:\users\Ashley Marie\AppData\Roaming\.#
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D00@1C82928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D00@1C82958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D14@1B528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D14@1B52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D14@1B52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D48@3728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D48@372928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D48@372958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D48@6C28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D48@6C2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D48@6C2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D64@1E428F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D64@1E42928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D64@1E42958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D70@1C928F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D70@1C92928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D70@1C92958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D74@1C228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D74@1C22928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D74@1C22958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D80@3C28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D80@3C2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D80@3C2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D88@1BA28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D88@1BA2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D88@1BA2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D98@1D728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D98@1D72928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@D98@1D72958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@DF8@1BA28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@DF8@1BA2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@DF8@1BA2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E2C@16F28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E2C@16F2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E2C@16F2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E4@3E28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E4@3E2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E4@3E2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E74@18228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E74@1822928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E74@1822958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E88@1D228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E88@1D22928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E88@1D22958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E98@1C528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E98@1C52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E98@1C52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E9C@1AE28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E9C@1AE2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@E9C@1AE2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EA4@1D028F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EA4@1D02928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EA4@1D02958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EA8@6828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EA8@682928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EA8@682958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EC4@1BA28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EC4@1BA2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EC4@1BA2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EC4@3C28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EC4@3C2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EC4@3C2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ECC@1CF28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ECC@1CF2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ECC@1CF2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ECC@20628F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ECC@2062928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ECC@2062958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ED4@18528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ED4@1852928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@ED4@1852958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE0@20128F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE0@2012928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE0@2012958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@17828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1782928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1782958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1B728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1B72928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1B72958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1CC28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1CC2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EE8@1CC2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF4@1BC28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF4@1BC2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF4@1BC2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF4@3728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF4@372928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF4@372958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF8@1DC28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF8@1DC2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EF8@1DC2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EFC@1D528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EFC@1D52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@EFC@1D52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F00@1C528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F00@1C52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F00@1C52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F00@1CC28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F00@1CC2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F00@1CC2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F08@1E228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F08@1E22928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F08@1E22958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F0C@6428F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F0C@642928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F0C@642958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F10@1B528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F10@1B52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F10@1B52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F10@2528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F10@252928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F10@252958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F14@1B728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F14@1B72928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F14@1B72958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F14@1DF28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F14@1DF2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F14@1DF2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F1C@1D328F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F1C@1D32928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F1C@1D32958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F20@1728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F20@172928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F20@172958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F20@1D728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F20@1D72928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F20@1D72958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F24@1D628F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F24@1D62928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F24@1D62958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F28@3828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F28@382928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F28@382958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F2C@1C128F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F2C@1C12928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F2C@1C12958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F2C@1CD28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F2C@1CD2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F2C@1CD2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F30@1EA28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F30@1EA2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F30@1EA2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F34@1D128F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F34@1D12928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F34@1D12958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F34@2528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F34@252928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F34@252958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F38@6828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F38@682928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F38@682958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F3C@18128F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F3C@1812928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F3C@1812958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F40@1828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F40@182928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F40@182958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F44@18028F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F44@1802928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F44@1802958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F44@1BF28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F44@1BF2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F44@1BF2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F48@3828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F48@382928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F48@382958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F4C@1DE28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F4C@1DE2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F4C@1DE2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@1BE28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@1BE2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@1BE2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@2528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@252928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@252958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@AE28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@AE2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F50@AE2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F54@1A828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F54@1A82928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F54@1A82958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F58@1D228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F58@1D22928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F58@1D22958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F58@2628F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F58@262928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F58@262958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1C628F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1C62928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1C62958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1CB28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1CB2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1CB2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1D828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1D82928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1D82958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1DA28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1DA2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F5C@1DA2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F60@1B428F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F60@1B42928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F60@1B42958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F64@1D628F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F64@1D62928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F64@1D62958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F64@1F528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F64@1F52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F64@1F52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F68@1E928F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F68@1E92928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F68@1E92958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F68@9E28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F68@9E2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F68@9E2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F6C@17E28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F6C@17E2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F6C@17E2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F6C@1D228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F6C@1D22928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F6C@1D22958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F70@3828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F70@382928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F70@382958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F70@3C28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F70@3C2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F70@3C2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@17F28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@17F2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@17F2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@18D28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@18D2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@18D2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@1F28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@1F2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@1F2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@7028F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@702928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F74@702958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F78@1D328F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F78@1D32928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F78@1D32958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F7C@1B928F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F7C@1B92928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F7C@1B92958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F7C@1D028F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F7C@1D02928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F7C@1D02958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F84@1DE28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F84@1DE2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F84@1DE2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F84@6028F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F84@602928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F84@602958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F88@1CC28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F88@1CC2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F88@1CC2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F8C@1D328F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F8C@1D32928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F8C@1D32958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F90@2428F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F90@242928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@F90@242958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FA4@1B528F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FA4@1B52928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FA4@1B52958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FA8@1B228F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FA8@1B22928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FA8@1B22958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FB0@1D728F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FB0@1D72928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FB0@1D72958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FB4@1CF28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FB4@1CF2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FB4@1CF2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FC0@17B28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FC0@17B2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FC0@17B2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FC0@1D428F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FC0@1D42928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FC0@1D42958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FCC@1BA28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FCC@1BA2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FCC@1BA2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD0@1D828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD0@1D82928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD0@1D82958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD0@1E128F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD0@1E12928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD0@1E12958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD4@1BF28F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD4@1BF2928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FD4@1BF2958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FDC@1928F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FDC@192928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FDC@192958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FE0@B028F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FE0@B02928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FE0@B02958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FEC@1E828F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FEC@1E82928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FEC@1E82958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FEC@2328F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FEC@232928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FEC@232958.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FF0@1C628F8.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FF0@1C62928.###
c:\users\Ashley Marie\AppData\Roaming\.#\MBX@FF0@1C62958.###
c:\users\Ashley Marie\AppData\Roaming\ACA7BE0BB4B5EF17D727D15D06C36B19
c:\users\Ashley Marie\AppData\Roaming\ACA7BE0BB4B5EF17D727D15D06C36B19\enemies-names.txt
c:\users\Ashley Marie\AppData\Roaming\ACA7BE0BB4B5EF17D727D15D06C36B19\local.ini
c:\users\Ashley Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Ashley Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Ashley Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\Downloaded Program Files\popcaploader.inf

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_PRAGMARSWCPXIWXS
-------\Service_npf
-------\Service_PRAGMArswcpxiwxs


((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-16 08:55 . 2010-09-16 08:55 -------- d-----w- c:\users\Ashley Marie\AppData\Local\vyityifet
2010-09-15 07:58 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 07:58 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 07:58 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 07:58 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-07 18:33 . 2010-09-11 20:56 -------- d-----w- c:\users\Ashley Marie\V Files
2010-09-06 13:07 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-06 13:07 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-06 13:07 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 13:07 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-06 13:07 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-06 13:06 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 13:06 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-03 23:51 . 2010-09-03 23:51 -------- d-----w- c:\users\Ashley Marie\AppData\Local\Mozilla
2010-09-01 01:10 . 2010-09-17 01:09 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-09-01 01:10 . 2010-09-01 01:09 57752 ------w- c:\windows\system32\rpcnet.exe
2010-09-01 01:03 . 2010-09-01 01:03 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\WinBatch
2010-09-01 01:03 . 2010-09-01 01:03 -------- d-----w- C:\slb8v220
2010-09-01 00:37 . 2010-09-06 19:28 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-09-01 00:36 . 2010-09-17 01:09 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-27 03:12 . 2010-08-28 13:42 -------- d-----w- c:\users\Ashley Marie\AppData\Local\iwflntoci
2010-08-27 03:12 . 2010-09-06 21:40 -------- d-----w- c:\programdata\Update
2010-08-27 02:55 . 2010-08-27 02:55 -------- d-----w- c:\windows\Sun
2010-08-25 21:36 . 2006-08-23 01:19 23040 ----a-w- c:\windows\system32\instm32.exe
2010-08-25 21:36 . 2009-11-03 00:51 9728 ----a-w- c:\windows\system32\wceprv.dll
2010-08-25 21:36 . 2009-10-21 16:45 33792 ----a-w- c:\windows\system32\identprv.dll
2010-08-25 21:36 . 2009-09-17 19:35 13312 ----a-w- c:\windows\system32\DIAGDLL64.DLL
2010-08-23 07:29 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 00:27 . 2010-08-20 00:28 -------- d-----w- c:\users\Ashley Marie\Blackberry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-12 11:16 . 2010-08-14 10:38 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\Intelli-studio
2010-09-07 19:26 . 2009-06-08 07:44 -------- d-----w- c:\program files\Photoshoot
2010-09-02 16:01 . 2009-02-27 15:02 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\LimeWire
2010-08-24 15:44 . 2010-07-23 23:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 07:29 . 2010-07-20 08:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 01:53 . 2009-01-31 01:11 114968 ----a-w- c:\users\Ashley Marie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 02:25 . 2009-01-09 21:00 -------- d-----w- c:\programdata\Microsoft Help
2010-08-14 10:41 . 2010-08-14 10:41 17552011 ----a-w- c:\users\Ashley Marie\AppData\Roaming\Intelli-studio\iUpdate.exe
2010-08-14 10:38 . 2010-08-14 10:38 -------- d-----w- c:\program files\Samsung
2010-08-10 20:46 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-10 20:44 . 2010-05-22 02:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-10 19:18 . 2010-08-10 19:18 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\vlc
2010-08-10 19:08 . 2010-08-10 19:08 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\aHisoft
2010-07-28 05:34 . 2010-07-28 05:21 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\CasinoOnNet
2010-07-28 05:25 . 2010-07-28 05:21 -------- d-----w- c:\program files\CasinoOnNet
2010-07-23 23:52 . 2010-07-23 23:52 -------- d-----w- c:\programdata\FLEXnet
2010-07-23 23:44 . 2008-08-18 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 23:43 . 2010-07-23 23:43 -------- d-----w- c:\program files\Adobe Media Player
2010-07-23 23:34 . 2010-07-23 23:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-19 21:11 . 2010-07-19 21:11 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-19 20:54 . 2010-04-21 04:56 -------- d-----w- c:\program files\Lavasoft
2010-07-12 08:56 . 2010-07-19 21:11 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-06-05 05:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-04-21 05:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-26 06:05 . 2010-08-12 00:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 00:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 00:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 00:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 03:28 . 2010-06-23 03:28 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB07C.tmp.exe
2010-06-21 13:37 . 2010-08-12 00:36 2037760 ----a-w- c:\windows\system32\win32k.sys
2009-09-14 03:46 . 2009-09-14 03:46 1880 ----a-w- c:\program files\Desktop Manager.lnk
2009-09-14 03:42 . 2009-09-14 03:41 322411792 ----a-w- c:\program files\5_1_.0.0_Release021_multilanguage.exe
2009-01-31 01:11 . 2009-01-31 01:11 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-01-31 01:11 . 2009-01-31 01:11 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-11 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-18 15008]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 aswSP;aswSP; [x]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090406.001\IDSvix86.sys [2009-02-09 272432]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-18 1355416]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:47]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:21]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:21]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{CCE31FDF-2E47-44D4-B41F-4CDDDEF75076}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\Ashley Marie\AppData\Roaming\Mozilla\Firefox\Profiles\014tvtnb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-Data Protection - c:\users\Ashley Marie\AppData\Roaming\Data Protection\datprot.exe
HKCU-Run-newsecureapp70700.exe - c:\users\Ashley Marie\AppData\Roaming\ACA7BE0BB4B5EF17D727D15D06C36B19\newsecureapp70700.exe
HKCU-Run-pmhepigh - c:\users\Ashley Marie\AppData\Local\iwflntoci\oqdlkjbshdw.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 18:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(920)
c:\windows\System32\NLSLexicons0009.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
c:\windows\system32\BatMeter.dll
c:\windows\system32\bthprops.cpl
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rpcnet.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-09-16 18:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-17 01:17

Pre-Run: 84,749,832,192 bytes free
Post-Run: 84,853,489,664 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=4 Sets=1,2,3,4,5,6
- - End Of File - - 790FEF6B41F60F6B428EC03D8A914767


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 17 September 2010 - 05:02 AM

Hi,

That looks promising. Please run the following fix as well:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Let me know how the PC is doing now.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 pinupdollash

pinupdollash
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 17 September 2010 - 08:04 PM

Hello! My computer has been running A LOT faster and it has NOT been redirecting! Thank you so much! I was pulling all my hair out trying to fix this! Here is the log:

ComboFix 10-09-17.04 - Ashley Marie 09/17/2010 17:45:05.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.1009 [GMT -7:00]
Running from: c:\users\Ashley Marie\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley Marie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 00:53 . 2010-09-18 00:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-18 00:53 . 2010-09-18 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-17 01:18 . 2010-09-18 00:53 -------- d-----w- c:\users\Ashley Marie\AppData\Local\temp
2010-09-16 08:55 . 2010-09-16 08:55 -------- d-----w- c:\users\Ashley Marie\AppData\Local\vyityifet
2010-09-15 07:58 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 07:58 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 07:58 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 07:58 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-07 18:33 . 2010-09-11 20:56 -------- d-----w- c:\users\Ashley Marie\V Files
2010-09-06 13:07 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-06 13:07 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-06 13:07 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 13:07 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-06 13:07 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-06 13:06 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 13:06 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-03 23:51 . 2010-09-03 23:51 -------- d-----w- c:\users\Ashley Marie\AppData\Local\Mozilla
2010-09-01 01:10 . 2010-09-18 00:35 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-09-01 01:10 . 2010-09-01 01:09 57752 ------w- c:\windows\system32\rpcnet.exe
2010-09-01 01:03 . 2010-09-01 01:03 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\WinBatch
2010-09-01 01:03 . 2010-09-01 01:03 -------- d-----w- C:\slb8v220
2010-09-01 00:37 . 2010-09-06 19:28 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-09-01 00:36 . 2010-09-18 00:35 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-27 03:12 . 2010-08-28 13:42 -------- d-----w- c:\users\Ashley Marie\AppData\Local\iwflntoci
2010-08-27 03:12 . 2010-09-06 21:40 -------- d-----w- c:\programdata\Update
2010-08-27 02:55 . 2010-08-27 02:55 -------- d-----w- c:\windows\Sun
2010-08-25 21:36 . 2006-08-23 01:19 23040 ----a-w- c:\windows\system32\instm32.exe
2010-08-25 21:36 . 2009-11-03 00:51 9728 ----a-w- c:\windows\system32\wceprv.dll
2010-08-25 21:36 . 2009-10-21 16:45 33792 ----a-w- c:\windows\system32\identprv.dll
2010-08-25 21:36 . 2009-09-17 19:35 13312 ----a-w- c:\windows\system32\DIAGDLL64.DLL
2010-08-23 07:29 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 00:27 . 2010-08-20 00:28 -------- d-----w- c:\users\Ashley Marie\Blackberry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-12 11:16 . 2010-08-14 10:38 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\Intelli-studio
2010-09-07 19:26 . 2009-06-08 07:44 -------- d-----w- c:\program files\Photoshoot
2010-09-02 16:01 . 2009-02-27 15:02 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\LimeWire
2010-08-24 15:44 . 2010-07-23 23:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 07:29 . 2010-07-20 08:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 01:53 . 2009-01-31 01:11 114968 ----a-w- c:\users\Ashley Marie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 02:25 . 2009-01-09 21:00 -------- d-----w- c:\programdata\Microsoft Help
2010-08-14 10:41 . 2010-08-14 10:41 17552011 ----a-w- c:\users\Ashley Marie\AppData\Roaming\Intelli-studio\iUpdate.exe
2010-08-14 10:38 . 2010-08-14 10:38 -------- d-----w- c:\program files\Samsung
2010-08-10 20:46 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-10 20:44 . 2010-05-22 02:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-10 19:18 . 2010-08-10 19:18 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\vlc
2010-08-10 19:08 . 2010-08-10 19:08 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\aHisoft
2010-07-28 05:34 . 2010-07-28 05:21 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\CasinoOnNet
2010-07-28 05:25 . 2010-07-28 05:21 -------- d-----w- c:\program files\CasinoOnNet
2010-07-23 23:52 . 2010-07-23 23:52 -------- d-----w- c:\programdata\FLEXnet
2010-07-23 23:44 . 2008-08-18 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 23:43 . 2010-07-23 23:43 -------- d-----w- c:\program files\Adobe Media Player
2010-07-23 23:34 . 2010-07-23 23:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-12 08:56 . 2010-07-19 21:11 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-06-05 05:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-04-21 05:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-26 06:05 . 2010-08-12 00:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 00:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 00:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 00:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 03:28 . 2010-06-23 03:28 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB07C.tmp.exe
2010-06-21 13:37 . 2010-08-12 00:36 2037760 ----a-w- c:\windows\system32\win32k.sys
2009-09-14 03:46 . 2009-09-14 03:46 1880 ----a-w- c:\program files\Desktop Manager.lnk
2009-09-14 03:42 . 2009-09-14 03:41 322411792 ----a-w- c:\program files\5_1_.0.0_Release021_multilanguage.exe
2009-01-31 01:11 . 2009-01-31 01:11 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-01-31 01:11 . 2009-01-31 01:11 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-18_00.30.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-18 00:36 63570 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-18 00:36 78198 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-31 01:12 . 2010-09-18 00:36 16652 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4040486158-3992114278-3609345227-1000_UserData.bin
+ 2009-01-09 22:02 . 2010-09-18 00:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-09 22:02 . 2010-09-18 00:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-09 22:02 . 2010-09-18 00:18 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-09 22:02 . 2010-09-18 00:36 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-09 22:02 . 2010-09-18 00:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-09 22:02 . 2010-09-18 00:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-18 00:34 . 2010-09-18 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-17 01:22 . 2010-09-17 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-17 01:22 . 2010-09-17 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-18 00:34 . 2010-09-18 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-09 21:54 . 2010-09-17 01:21 3213792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-01-09 21:54 . 2010-09-18 00:33 3213792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-18 1355416]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-11 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-18 15008]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 aswSP;aswSP; [x]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090406.001\IDSvix86.sys [2009-02-09 272432]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:47]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:21]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:21]

2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{CCE31FDF-2E47-44D4-B41F-4CDDDEF75076}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\Ashley Marie\AppData\Roaming\Mozilla\Firefox\Profiles\014tvtnb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 17:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-09-17 17:55:17
ComboFix-quarantined-files.txt 2010-09-18 00:55
ComboFix2.txt 2010-09-18 00:32
ComboFix3.txt 2010-09-17 01:18

Pre-Run: 84,076,208,128 bytes free
Post-Run: 84,017,422,336 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=4 Sets=1,2,3,4,5,6
- - End Of File - - 7D76D626D7195EEDA6F9293627B2AF07


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:06:19 AM

Posted 20 September 2010 - 08:10 AM

Hi,

I messed up the last script slightly. If you did not set up the proxy in Firefox yourself, please run this script next:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Firefox::
FF - ProfilePath - c:\users\Ashley Marie\AppData\Roaming\Mozilla\Firefox\Profiles\014tvtnb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


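Both of myrti's CFScript fixes (#6 and #8) target the same indicator: a browser proxy pointing at the machine's own loopback address, which is how a local hijacker process gets to rewrite every page request. The script below is an added example and is not ComboFix, DDS, or anything posted in this thread; it shows how a defender can check for that indicator from the two places the log reports it, the Internet Explorer "ProxyServer" value that DDS prints as "uInternet Settings,ProxyServer" and the "network.proxy.*" prefs in a Firefox prefs.js. It also carries the caveat a practitioner needs when reading these lines: Firefox only uses a manual proxy when network.proxy.type is 1, so a loopback host with type 0 (as in the logs above) is dormant, and WinINet only uses ProxyServer when ProxyEnable is set, which DDS does not print. The sample prefs.js text and DDS lines are constructed to mirror the values in the log, and the helper and finding names are this example's own.

```python
"""Flag a loopback browser proxy in Firefox prefs.js and in DDS/ComboFix
"Internet Settings" lines. Added example, not code from the thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A proxy at one of these hosts is served by a process on the same machine.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Firefox network.proxy.type values: 0 = no proxy, 1 = manual configuration.
PROXY_TYPE_DIRECT = 0
PROXY_TYPE_MANUAL = 1

# Constructed sample prefs.js, mirroring the FF lines in the log above.
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 6522);
user_pref("network.proxy.type", 0);
'''

# Constructed sample DDS lines, mirroring the ones myrti's script removes.
SAMPLE_DDS_LINES = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:27811",
    "uInternet Settings,ProxyOverride = <local>",
]


@dataclass
class ProxyFinding:
    source: str             # "firefox" or "ie"
    host: str
    port: Optional[int]
    active: Optional[bool]  # None when the input cannot tell us
    note: str


_PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_prefs_js(text: str) -> Dict[str, object]:
    """Parse user_pref(...) lines from a Firefox prefs.js into a dict."""
    prefs: Dict[str, object] = {}
    for name, raw in _PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def check_firefox(prefs: Dict[str, object]) -> Optional[ProxyFinding]:
    """Report a loopback HTTP proxy and whether Firefox actually uses it."""
    host = prefs.get("network.proxy.http")
    if not isinstance(host, str) or host not in LOOPBACK_HOSTS:
        return None
    port = prefs.get("network.proxy.http_port")
    ptype = prefs.get("network.proxy.type", PROXY_TYPE_DIRECT)
    active = ptype == PROXY_TYPE_MANUAL
    note = ("manual proxy in use" if active
            else "proxy host set but network.proxy.type is not 1: dormant")
    return ProxyFinding("firefox", host, port if isinstance(port, int) else None,
                        active, note)


_DDS_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")


def parse_proxy_server(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Split a WinINet ProxyServer value into {scheme: (host, port)}.
    Accepts "host:port" (one proxy for all, keyed "*") and "http=host:port;...".
    """
    result: Dict[str, Tuple[str, Optional[int]]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        host, _, port = hostport.rpartition(":")
        if port.isdigit():
            result[scheme] = (host, int(port))
        else:
            result[scheme] = (hostport, None)
    return result


def check_dds_lines(lines: List[str]) -> List[ProxyFinding]:
    """Flag loopback proxies in DDS-style 'Internet Settings,ProxyServer' lines."""
    findings = []
    for line in lines:
        m = _DDS_PROXY_RE.match(line.strip())
        if not m:
            continue
        for scheme, (host, port) in parse_proxy_server(m.group(1)).items():
            if host in LOOPBACK_HOSTS:
                findings.append(ProxyFinding(
                    "ie", host, port, None,
                    f"{scheme} proxy to loopback; ProxyEnable (not shown by DDS) "
                    "decides whether WinINet uses it"))
    return findings


if __name__ == "__main__":
    ff = check_firefox(parse_prefs_js(SAMPLE_PREFS_JS))
    for f in ([ff] if ff else []) + check_dds_lines(SAMPLE_DDS_LINES):
        print(f"{f.source}: {f.host}:{f.port} active={f.active} ({f.note})")
```

On a live system the same checks apply to the real files: prefs.js lives under the profile directory the log names, and the IE value sits under the user's "Internet Settings" registry key as ProxyServer next to ProxyEnable. A loopback proxy that the user never configured is the thing to remove; the active/dormant distinction tells you which browser was actually being redirected through it, which is why myrti's second script only asks about the Firefox entry if the user did not set it themselves.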

#9 pinupdollash

pinupdollash
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 21 September 2010 - 09:43 PM

Here you go:

ComboFix 10-09-17.04 - Ashley Marie 09/21/2010 0:14.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.1091 [GMT -7:00]
Running from: c:\users\Ashley Marie\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley Marie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 07:21 . 2010-09-21 07:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-21 07:21 . 2010-09-21 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 07:49 . 2010-09-20 07:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-17 01:18 . 2010-09-21 07:22 -------- d-----w- c:\users\Ashley Marie\AppData\Local\temp
2010-09-16 08:55 . 2010-09-16 08:55 -------- d-----w- c:\users\Ashley Marie\AppData\Local\vyityifet
2010-09-15 07:58 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 07:58 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 07:58 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 07:58 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-06 13:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-06 13:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-06 13:07 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 13:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-06 13:07 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-06 13:06 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 13:06 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-03 23:51 . 2010-09-03 23:51 -------- d-----w- c:\users\Ashley Marie\AppData\Local\Mozilla
2010-09-01 01:10 . 2010-09-21 07:06 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-09-01 01:10 . 2010-09-01 01:09 57752 ------w- c:\windows\system32\rpcnet.exe
2010-09-01 01:03 . 2010-09-01 01:03 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\WinBatch
2010-09-01 01:03 . 2010-09-01 01:03 -------- d-----w- C:\slb8v220
2010-09-01 00:37 . 2010-09-06 19:28 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-09-01 00:36 . 2010-09-21 07:06 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-27 03:12 . 2010-08-28 13:42 -------- d-----w- c:\users\Ashley Marie\AppData\Local\iwflntoci
2010-08-27 03:12 . 2010-09-06 21:40 -------- d-----w- c:\programdata\Update
2010-08-27 02:55 . 2010-08-27 02:55 -------- d-----w- c:\windows\Sun
2010-08-25 21:36 . 2006-08-23 01:19 23040 ----a-w- c:\windows\system32\instm32.exe
2010-08-25 21:36 . 2009-11-03 00:51 9728 ----a-w- c:\windows\system32\wceprv.dll
2010-08-25 21:36 . 2009-10-21 16:45 33792 ----a-w- c:\windows\system32\identprv.dll
2010-08-25 21:36 . 2009-09-17 19:35 13312 ----a-w- c:\windows\system32\DIAGDLL64.DLL
2010-08-23 07:29 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-12 11:16 . 2010-08-14 10:38 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\Intelli-studio
2010-09-07 19:26 . 2009-06-08 07:44 -------- d-----w- c:\program files\Photoshoot
2010-09-02 16:01 . 2009-02-27 15:02 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\LimeWire
2010-08-24 15:44 . 2010-07-23 23:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 07:29 . 2010-07-20 08:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 01:53 . 2009-01-31 01:11 114968 ----a-w- c:\users\Ashley Marie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 02:25 . 2009-01-09 21:00 -------- d-----w- c:\programdata\Microsoft Help
2010-08-14 10:41 . 2010-08-14 10:41 17552011 ----a-w- c:\users\Ashley Marie\AppData\Roaming\Intelli-studio\iUpdate.exe
2010-08-14 10:38 . 2010-08-14 10:38 -------- d-----w- c:\program files\Samsung
2010-08-10 20:46 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-10 20:44 . 2010-05-22 02:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-10 19:18 . 2010-08-10 19:18 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\vlc
2010-08-10 19:08 . 2010-08-10 19:08 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\aHisoft
2010-07-28 05:34 . 2010-07-28 05:21 -------- d-----w- c:\users\Ashley Marie\AppData\Roaming\CasinoOnNet
2010-07-28 05:25 . 2010-07-28 05:21 -------- d-----w- c:\program files\CasinoOnNet
2010-07-23 23:52 . 2010-07-23 23:52 -------- d-----w- c:\programdata\FLEXnet
2010-07-23 23:44 . 2008-08-18 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-23 23:43 . 2010-07-23 23:43 -------- d-----w- c:\program files\Adobe Media Player
2010-07-23 23:34 . 2010-07-23 23:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-12 08:56 . 2010-07-19 21:11 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-06-05 05:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-04-21 05:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-26 06:05 . 2010-08-12 00:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 00:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 00:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 00:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-09-14 03:46 . 2009-09-14 03:46 1880 ----a-w- c:\program files\Desktop Manager.lnk
2009-09-14 03:42 . 2009-09-14 03:41 322411792 ----a-w- c:\program files\5_1_.0.0_Release021_multilanguage.exe
2009-01-31 01:11 . 2009-01-31 01:11 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-01-31 01:11 . 2009-01-31 01:11 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-18_00.30.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-21 07:08 63710 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-21 07:08 78246 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-31 01:12 . 2010-09-21 07:08 16692 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4040486158-3992114278-3609345227-1000_UserData.bin
+ 2009-01-09 22:02 . 2010-09-21 07:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-09 22:02 . 2010-09-18 00:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-09 22:02 . 2010-09-18 00:18 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-09 22:02 . 2010-09-21 07:06 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-09 22:02 . 2010-09-18 00:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-09 22:02 . 2010-09-21 07:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-10 21:35 . 2010-09-17 01:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-10 21:35 . 2010-09-20 08:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-10 21:35 . 2010-09-17 01:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 21:35 . 2010-09-20 08:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 21:35 . 2010-09-20 08:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-10 21:35 . 2010-09-17 01:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-20 07:49 . 2010-09-20 07:49 49664 c:\windows\Installer\6d2fc30.msi
+ 2009-03-04 15:14 . 2010-09-20 08:40 3304 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-03-04 15:14 . 2010-09-14 20:41 3304 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2010-09-21 07:06 . 2010-09-21 07:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-17 01:22 . 2010-09-17 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-17 01:22 . 2010-09-17 01:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-21 07:06 . 2010-09-21 07:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-01 16:05 . 2010-09-20 03:25 234286 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-01-31 01:17 . 2010-09-20 06:52 268114 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-01-09 21:54 . 2010-09-17 01:21 3213792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-01-09 21:54 . 2010-09-20 08:40 3213792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-20 07:49 . 2010-09-20 07:49 15709696 c:\windows\Installer\6d2fc36.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-18 1355416]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-11 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-18 15008]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 aswSP;aswSP; [x]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090406.001\IDSvix86.sys [2009-02-09 272432]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:47]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:21]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:21]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{CCE31FDF-2E47-44D4-B41F-4CDDDEF75076}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\Ashley Marie\AppData\Roaming\Mozilla\Firefox\Profiles\014tvtnb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 00:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5916)
c:\windows\System32\fwpuclnt.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
.
Completion time: 2010-09-21 00:24:19
ComboFix-quarantined-files.txt 2010-09-21 07:24
ComboFix2.txt 2010-09-18 00:55
ComboFix3.txt 2010-09-18 00:32
ComboFix4.txt 2010-09-17 01:18

Pre-Run: 83,962,466,304 bytes free
Post-Run: 83,983,687,680 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=4 Sets=1,2,3,4,5,6
- - End Of File - - 0FC81CD64601642A449A2FF00D5E23EA


#10 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 23 September 2010 - 03:03 PM

Hi,

that looks good. How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#11 pinupdollash

  • Topic Starter
  • Members
  • 7 posts

Posted 26 September 2010 - 07:19 PM

It's doing great! It's running fast again and I still have not been redirected at all! Thank you so much!

#12 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 27 September 2010 - 06:34 AM

Hi,

that is great!

Just to be safe please run a scan with Eset as well:

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push


#13 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 05 October 2010 - 06:34 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
