[RESOLVED] Virus on computer Help Please..

You're running two AV programs, McAfee and TrendMicro.
One of them has to go.
If McAfee, make sure to use this tool: http://www.softpedia.com/get/Tweak/U...val-Tool.shtml

==================================================================

Please, uninstall AskSBar (if present).

Post fresh Combofix log.

Ok, I have uninstalled the Trend and Mcafee as my Mother-in-law, Ernie, hasn't been running virus scan since 12/09. She had the Geek squad come out and they told her that they put antivirus software on it so I left it alone. I am going to put Avast on her laptop once it is clean.

The McAffee is still on this machine. I did the removal but it didn't get everything. I believe it is the "real time scanner" still running and I looked for it under the services but I don't see it running.

I am going to try the removal again and restart. Wish me luck. Kim

No worries. If you'll have any problems, we'll remove it manually.

I tried it again and when I tried combofix again it said the McAfee real time scanner was still running. Then the computer went dead. I am not use to a laptop yet, battery and mouse grrr... Thank you for all your help. Can you help me remove McAfee so that I can run combofix again. Kim

Did you use the tool from my link to uninstall MCAfee?



Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

It's my bed time, so I'll have to check on you tomorrow.

Yes I used the tool. I am now following your post..

OTL logfile created on: 8/15/2010 2:56:11 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 66.98 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 02:53:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2008/12/29 12:32:16 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/12/15 18:59:04 | 000,530,552 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/10 17:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/09 13:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/10/27 16:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2006/09/12 11:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2005/12/16 05:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 02:53:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/08/14 20:33:09 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/07/11 13:40:40 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/07/11 13:40:08 | 000,124,184 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/12 18:55:05 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/27 21:03:52 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 11:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/11/23 09:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 09:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 09:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/07/11 13:30:06 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/04/17 15:30:08 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/03/06 15:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/02/18 17:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 13:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/06/27 09:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 09:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/03/30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/02/28 21:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/02/19 22:13:24 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/02/19 22:12:46 | 000,219,520 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/29 00:39:52 | 001,476,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/29 00:39:52 | 001,476,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/08 22:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/04 12:35:50 | 000,059,392 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/27 17:14:22 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 23:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 09:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/07/06 16:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.inbox.com/homepage.aspx?tbid=80114&lng=en"
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.31
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80114&language=en&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 17:54:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 10:37:37 | 000,000,000 | ---D | M]

[2010/03/13 14:04:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/08/15 00:48:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0w4zie3s.default\extensions
[2010/03/13 14:10:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0w4zie3s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 14:02:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0w4zie3s.default\extensions\[email protected]
[2010/03/13 14:10:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0w4zie3s.default\extensions\[email protected]
[2010/06/29 15:55:09 | 000,002,168 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0w4zie3s.default\searchplugins\inbox-search.xml
[2010/03/13 14:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/10 18:13:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\scanner1.exe.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LTCM Client] C:\Users\Owner\AppData\Local\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "&#37;1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

and the last of the OLT.txt file

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/15 02:01:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/15 01:48:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/13 14:58:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/13 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2010/08/13 14:58:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/10 18:02:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/10 18:02:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/10 18:02:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/10 18:02:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/10 18:02:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/10 17:29:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/04 00:52:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/08/04 00:52:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/04 00:52:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/04 00:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/04 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/03 09:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/03 09:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/01 22:02:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\hdsalwpvs
[2010/05/19 10:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/19 10:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 90 Days ==========

[2010/08/15 02:55:59 | 002,621,440 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/08/15 02:30:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 02:30:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/15 02:05:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/15 01:47:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/15 01:37:45 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/15 01:37:45 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/15 01:37:45 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/15 01:30:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 01:30:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/15 01:30:04 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 01:28:56 | 001,798,063 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/08/14 23:53:57 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9701871-3651-42C4-BD67-14002B7FB0B1}.job
[2010/08/13 17:34:01 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/13 14:56:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/10 18:13:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/10 17:28:18 | 003,818,385 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/08/04 17:27:24 | 280,132,065 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/04 00:52:16 | 000,000,853 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/04 00:52:16 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 10:37:38 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/08/14 02:16:47 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/10 18:02:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/10 18:02:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/10 18:02:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/10 18:02:29 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/10 18:02:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/10 17:28:18 | 003,818,385 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/08/04 19:28:27 | 000,008,993 | ---- | C] () -- C:\Users\Owner\Attach.txt
[2010/08/04 19:27:00 | 000,016,214 | ---- | C] () -- C:\Users\Owner\dds.txt
[2010/08/04 00:52:16 | 000,000,853 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/04 00:52:16 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 10:37:38 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/03/10 22:23:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 15:01:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/20 14:56:03 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2008/07/30 16:40:05 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2007/05/22 18:57:04 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/22 18:14:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/22 18:14:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/22 18:14:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/22 18:14:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/22 18:14:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/22 18:14:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/22 17:51:29 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/22 17:51:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/22 17:51:29 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/22 17:51:29 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/29 01:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/28 23:14:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/28 23:12:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 20:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 18:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/12/01 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2009/04/20 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leader Technologies
[2009/04/20 15:14:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2008/07/30 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sierra Wireless
[2007/11/06 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2007/09/24 15:58:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2007/09/24 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2010/08/15 01:29:11 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/14 23:53:57 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9701871-3651-42C4-BD67-14002B7FB0B1}.job

========== Purity Check ==========



========== Custom Scans ==========


< &#37;SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/05/22 18:10:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/15 01:30:04 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/24 21:03:53 | 000,000,164 | ---- | M] () -- C:\install.dat
[2010/08/15 01:30:02 | 1377,304,576 | -HS- | M] () -- C:\pagefile.sys
[2009/11/26 20:16:24 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/11/26 20:16:24 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/09/27 21:00:22 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/22 18:10:33 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/05/22 18:10:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/05/22 18:10:34 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/05/22 18:10:46 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/05/22 18:10:48 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2007/09/12 15:15:34 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2006/11/02 05:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-14 06:34:33
< End of report >

It is past my bedtime too so I will check back tomorrow. Lots to do school starts Monday and I work at an Elementary School and have two children in High School..

OTL Extras logfile created on: 8/15/2010 2:56:11 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 66.98 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10779E76-8031-4565-A75A-8DA98A0F5A08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{18A9D6AF-80F1-4801-B44E-B4586E0C2856}" = rport=137 | protocol=17 | dir=out | app=system |
"{245ED221-D3FB-4EE0-9B4D-630F0EAEC321}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D2FB236-257C-4067-B550-312CFB737101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7EB86498-2258-4AB0-A4CC-DADB87DA6D47}" = lport=138 | protocol=17 | dir=in | app=system |
"{81536E03-E9CB-426F-B250-CE9F5C0E1AC3}" = rport=139 | protocol=6 | dir=out | app=system |
"{8562BD88-CF32-4B35-BB78-296BBAE012AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{BABFB68E-8E8A-4440-AAC6-DBB39B692896}" = lport=137 | protocol=17 | dir=in | app=system |
"{C738E1C8-3526-474E-B3AE-EC6184F62425}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA11A815-5F4F-4496-9D40-45200015F5A8}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01069126-3EC4-4B6A-83FA-65AF7223E68A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{1FA17E3C-E58B-4C32-9E60-A49EF1CED495}" = protocol=1 | dir=out | [email protected],-28544 |
"{1FBA06E3-AB93-4C28-A852-A9849920CED9}" = protocol=1 | dir=in | [email protected],-28543 |
"{246379BF-7645-4E28-B6D5-EB5C6A37FAD0}" = protocol=58 | dir=out | [email protected],-28546 |
"{35C1FF15-6C06-4621-9259-7F5F616F94A1}" = protocol=1 | dir=in | [email protected],-28543 |
"{85C04434-978F-40BE-BD4D-A5E039C8935D}" = protocol=1 | dir=out | [email protected],-28544 |
"{A128CD60-A295-4083-AE9E-A518E58012BD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A1C2AB93-DDD3-4FEB-B8CE-14BEF9306AED}" = protocol=58 | dir=in | [email protected],-28545 |
"{C7BEDEE9-E5B2-4F2C-A397-857754A815F6}" = protocol=58 | dir=in | [email protected],-28545 |
"{CA289E79-656C-4BEE-913E-47863AB9E429}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E4F12C09-BC00-4ED2-BF3A-40BB1D2B92E6}" = protocol=58 | dir=out | [email protected],-28546 |
"{ED6B466E-2887-494C-B85A-0D1849A74477}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{4FEBFB81-B53D-4AF6-A9A2-5D6160B88CA0}C:\program files\common files\first coast news now\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\first coast news now\trueweather.exe |
"TCP Query User{C0F04F73-64C3-4FD0-A180-D9AB3C2FC262}C:\program files\common files\first coast news now\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\first coast news now\trueweather.exe |
"TCP Query User{C85AF9D3-1CA6-4374-B170-D5FE08D54D23}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"UDP Query User{1823BC35-6165-46B5-AD78-E1364E11BE95}C:\program files\common files\first coast news now\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\first coast news now\trueweather.exe |
"UDP Query User{5CD9F592-A995-41DF-8302-FB3CE51E51F3}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"UDP Query User{5E248837-AF34-42D5-B29F-471751EEA784}C:\program files\common files\first coast news now\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\first coast news now\trueweather.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochure
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D25A304-C82D-41C3-85A8-3BEF84E04887}" = Garmin WebUpdater
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F626E006-C06C-466A-B133-92C1991385CA}" = ArcSoft Print Creations
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{F83C541F-E858-46E0-BE65-CB12E720AEBF}" = AT&T Communication Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Desktop Dialer" = Desktop Dialer
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"First Coast News NOW" = First Coast News NOW
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Offers from Toshiba" = Internet Offers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"oggcodecs" = oggcodecs 0.71.0946
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"WT015792" = FATE
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LTCM Client" = LTCM Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2010 4:59:05 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/19/2010 3:14:57 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/19/2010 8:29:15 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/19/2010 8:56:51 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/20/2010 10:04:51 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/20/2010 10:05:05 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/20/2010 8:20:03 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/21/2010 2:11:14 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/22/2010 8:56:27 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 7/23/2010 8:51:35 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 9/28/2007 3:50:04 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/2/2007 3:59:11 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/3/2007 7:47:42 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/19/2007 4:57:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/22/2007 5:53:24 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/26/2007 10:48:33 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/29/2007 8:56:47 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/29/2007 10:49:44 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/2/2007 2:40:17 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/29/2009 9:29:49 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/15/2010 12:11:05 AM | Computer Name = Owner-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.4. The computer with the IP address 192.168.10.5 did
not allow the name to be claimed by this computer.

Error - 8/15/2010 12:16:15 AM | Computer Name = Owner-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.4. The computer with the IP address 192.168.10.5 did
not allow the name to be claimed by this computer.

Error - 8/15/2010 12:19:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2010 12:21:34 AM | Computer Name = Owner-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.4. The computer with the IP address 192.168.10.5 did
not allow the name to be claimed by this computer.

Error - 8/15/2010 12:26:44 AM | Computer Name = Owner-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.4. The computer with the IP address 192.168.10.5 did
not allow the name to be claimed by this computer.

Error - 8/15/2010 12:33:46 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:30:17 AM on 8/15/2010 was unexpected.

Error - 8/15/2010 12:39:10 AM | Computer Name = Owner-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.4. The computer with the IP address 192.168.10.5 did
not allow the name to be claimed by this computer.

Error - 8/15/2010 1:31:08 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2010 1:33:13 AM | Computer Name = Owner-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.4. The computer with the IP address 192.168.10.5 did
not allow the name to be claimed by this computer.

Error - 8/15/2010 1:38:23 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >

Good Morning.

I wanted to let you know that I did use the tool twice and rebooted each time. Then Combofix sent a warning that McAfee was still running, so I did a search and tried to find out how to uninstall it completely. Someone said that his real time scanner for McAfee was something like McSheild. I scanned through all the services and really didn't find anything with the company's name or a file name that looked like it would be it and if they were running.

The OLT scan went smoothly. Took only 7 minutes.

I am going to give this back to her with a schedule of times to run her spyware. I will set up the virus scan to run itself. Besides Avast and Spyware, what else should we be running to keep ourselves safe?


Thank you again for your time.

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

==============================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=============================================================


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  ---

  :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/08/01 22:02:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\hdsalwpvs


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  ---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Good evening.

I went to the Java link and it stated that Java wasn't working on the computer. I checked through IE and it is enabled. I was also directed to go to control panel and was told that if I don't have a Java Icon then I don't have Java. Well I started downloading it and it said up to two hours. I left it downloading to come back to an error. I am now reloading Java. Kim

OK.....