ComboFix 11-05-25.01 - lexi 05/25/2011 19:07:31.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1845 [GMT -7:00]
Running from: c:\users\lexi\Desktop\ComboFixtry.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 02:11 . 2011-05-26 02:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-26 01:33 . 2011-05-26 01:36 -------- d-----w- C:\ComboFixtry
2011-05-26 01:06 . 2011-05-26 01:06 -------- d-----w- c:\programdata\PC Tools
2011-05-25 04:30 . 2011-05-25 04:30 -------- d-----w- c:\users\lexi\AppData\Roaming\ParetoLogic
2011-05-25 04:30 . 2011-05-25 04:30 -------- d-----w- c:\users\lexi\AppData\Roaming\DriverCure
2011-05-25 04:30 . 2011-05-25 04:36 -------- d-----w- c:\programdata\ParetoLogic
2011-05-25 03:50 . 2011-05-25 03:50 -------- d-----w- c:\users\lexi\AppData\Local\TOSHIBA_Corporation
2011-05-25 02:35 . 2011-05-25 04:55 691 ----a-w- c:\users\lexi\AppData\Roaming\GetValue.vbs
2011-05-25 02:35 . 2011-05-25 04:55 35 ----a-w- c:\users\lexi\AppData\Roaming\SetValue.bat
2011-05-24 02:14 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 00:53 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-05-20 00:53 . 2009-12-11 09:24 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-20 00:53 . 2009-12-11 07:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-05-20 00:53 . 2009-12-11 07:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-05-20 00:52 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-05-20 00:52 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-05-20 00:52 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-05-20 00:52 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-05-20 00:52 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-05-20 00:52 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-05-20 00:52 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-05-20 00:52 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-05-20 00:52 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-05-20 00:52 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-05-20 00:51 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-18 02:12 . 2011-02-23 05:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-18 02:12 . 2011-02-23 05:15 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-18 02:12 . 2011-02-23 05:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-18 02:12 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-17 02:33 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-17 02:33 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-17 02:33 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-17 02:33 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-17 02:22 . 2011-05-17 02:22 -------- d-----w- C:\195f700e90cc972bd6f8
2011-05-16 02:51 . 2011-05-20 00:54 -------- d-----w- c:\program files (x86)\PuppetShow - Souls of the Innocent
2011-05-15 22:21 . 2011-05-16 00:10 -------- d-----w- c:\program files (x86)\PuppetShow - Lost Town
2011-05-15 16:12 . 2011-05-18 01:51 -------- d-----w- c:\users\lexi\AppData\Roaming\ERS G-Studio
2011-05-15 15:04 . 2011-05-16 00:10 -------- d-----w- c:\program files (x86)\PuppetShow - Mystery of Joyville
2011-05-10 23:47 . 2011-05-24 03:55 -------- d-----w- c:\users\lexi\AppData\Local\ElevatedDiagnostics
2011-05-10 23:36 . 2011-05-10 23:36 -------- d-----w- c:\users\lexi\AppData\Roaming\Malwarebytes
2011-05-10 23:36 . 2011-05-10 23:36 -------- d-----w- c:\programdata\Malwarebytes
2011-05-08 14:36 . 2011-05-16 00:10 -------- d-----w- c:\program files (x86)\Nancy Drew - The Creature of Kapu Cave
2011-05-07 21:26 . 2011-05-16 00:10 -------- d-----w- c:\program files (x86)\G.H.O.S.T. Hunters - The Haunting of Majesty Manor
2011-05-07 12:49 . 2011-05-16 00:09 -------- d-----w- c:\users\lexi\AppData\Roaming\TOMI2.THE GATES OF FATE
2011-05-07 12:48 . 2011-05-16 00:10 -------- d-----w- c:\program files (x86)\The Treasures of Mystery Island - The Gates of Fate
2011-05-07 02:20 . 2011-05-07 02:20 -------- d-----w- c:\users\lexi\AppData\Roaming\BigFishv1002
2011-05-07 02:19 . 2011-05-16 00:10 -------- d-----w- c:\program files (x86)\Escape Rosecliff Island
2011-05-06 01:39 . 2011-05-06 01:39 -------- d-----w- c:\users\lexi\AppData\Roaming\SpinTop Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 135664]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
R2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-03-24 332272]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Spyware Doctor with AntiVirus - c:\users\lexi\Desktop\sdasetup_aff[1].exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-25 19:13:30
ComboFix-quarantined-files.txt 2011-05-26 02:13
.
Pre-Run: 201,324,486,656 bytes free
Post-Run: 200,758,611,968 bytes free
.
- - End Of File - - 3D0E8077EDC4674664B6A2043C9EF03F
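The log above is raw ComboFix output, and a responder triaging one usually wants it as structured records rather than eyeballed text. The following is an added example, not part of the log or of ComboFix itself: it parses the "Files Created" lines (created . modified size attributes path) and the REGEDIT4-style Run-key blocks from the "Reg Loading Points" section, then applies one simple review heuristic of my own choosing, listing new script or binary files that sit under user-writable locations (\users\ and \programdata\). The field layout is inferred from the log itself; the sample lines are copied from it and embedded so the code runs offline. The heuristic marks items for a human to look at; it is not a verdict on any file in this log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the ComboFix log above.
SAMPLE_FILES = r"""2011-05-26 02:11 . 2011-05-26 02:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 02:35 . 2011-05-25 04:55 691 ----a-w- c:\users\lexi\AppData\Roaming\GetValue.vbs
2011-05-25 02:35 . 2011-05-25 04:55 35 ----a-w- c:\users\lexi\AppData\Roaming\SetValue.bat
2011-05-20 00:53 . 2009-12-11 09:24 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-17 02:22 . 2011-05-17 02:22 -------- d-----w- C:\195f700e90cc972bd6f8
"""

SAMPLE_RUN = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"""


@dataclass
class FileEntry:
    created: str            # first timestamp on the line
    modified: str           # timestamp after the " . " separator
    size: Optional[int]     # None for directories, which ComboFix shows as "--------"
    attrs: str              # e.g. "d-----w-" (directory) or "----a-w-" (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class RunEntry:
    key: str                # registry key the value was read from
    name: str               # value name
    target: str             # command/path the value points at
    file_date: Optional[str]
    file_size: Optional[int]


# Layout assumed from the log: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(-{8}|\d+)\s+([a-z-]{8})\s+(.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?\s*$')


def parse_files(text: str) -> List[FileEntry]:
    """Parse 'Files Created' lines; separators ('.') and banners are skipped."""
    out: List[FileEntry] = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(FileEntry(created, modified, None if size.startswith("-") else int(size), attrs, path))
    return out


def parse_run_entries(text: str) -> List[RunEntry]:
    """Attach each "name"="target" [date size] line to the [HKEY_...] key above it."""
    out: List[RunEntry] = []
    key: Optional[str] = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            name, target, date, size = vm.groups()
            out.append(RunEntry(key, name, target, date, int(size) if size else None))
    return out


# Review heuristic (my assumption, not a ComboFix rule): new scripts/binaries in
# locations an unprivileged user can write to deserve a look.
SCRIPT_OR_BINARY = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")
USER_WRITABLE = ("\\users\\", "\\programdata\\")


def flag_user_writable_executables(entries: List[FileEntry]) -> List[str]:
    flagged = []
    for e in entries:
        p = e.path.lower()
        if not e.is_dir and p.endswith(SCRIPT_OR_BINARY) and any(d in p for d in USER_WRITABLE):
            flagged.append(e.path)
    return flagged


if __name__ == "__main__":
    for path in flag_user_writable_executables(parse_files(SAMPLE_FILES)):
        print("review:", path)
    for r in parse_run_entries(SAMPLE_RUN):
        print(r.key.split("\\")[0], r.name, "->", r.target)
```

Run against the full log rather than the embedded sample by reading the saved file and passing its text to both parsers; the Run-key parser also handles the Wow6432Node and x86-64 Run blocks because it only keys on the bracketed header line.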