[JodiP]

I promise I V-scan with my paid version of Panda once a week. I don't surf bad places either. I am at a loss as to what is going on! Started to see google redirects on both IE8 and Firefox today. I grabbed my phone and searched google for an answer. I read about the TDSS stuff etc. Panda was run a few times and showed only a few cookies each time. Oh, I also have a shortcut on my desktop for the temp file which I delete daily. I think I ran Malwarebytes next.

First log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8029

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/29/2011 10:53:35 AM
mbam-log-2011-10-29 (10-53-35).txt

Scan type: Quick scan
Objects scanned: 192036
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\googletraybackup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleTrayBackup (Trojan.SHarpro.PGen) -> Value: GoogleTrayBackup -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-456346402 (Trojan.Agent.Gen) -> Value: -456346402 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\googletraybackup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

2nd log
alwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8029

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/29/2011 11:01:51 AM
mbam-log-2011-10-29 (11-01-51).txt

Scan type: Quick scan
Objects scanned: 192046
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\googletraybackup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleTrayBackup (Trojan.SHarpro.PGen) -> Value: GoogleTrayBackup -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\googletraybackup.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.

3rd log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8042

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/29/2011 4:15:31 PM
mbam-log-2011-10-29 (16-15-31).txt

Scan type: Quick scan
Objects scanned: 189164
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Anon\AppData\Local\gamenauts\gamenautsupdate\gamenautsup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Anon\AppData\Local\Bondi\bondiupdate\Bondiup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Anon\AppData\Local\Apple\appleupdate\Appleup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Anon\AppData\Local\Adobe\adobeupdate\Adobeup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CDDB Update (Trojan.SHarpro.PGen) -> Value: CDDB Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audacity Update (Trojan.SHarpro.PGen) -> Value: Audacity Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ODBC Update (Trojan.SHarpro.PGen) -> Value: ODBC Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\keyhole.com Update (Trojan.SHarpro.PGen) -> Value: keyhole.com Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleTrayBackup (Trojan.SHarpro.PGen) -> Value: GoogleTrayBackup -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Anon\AppData\Local\gamenauts\gamenautsupdate\gamenautsup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Anon\AppData\Local\Bondi\bondiupdate\Bondiup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Anon\AppData\Local\Apple\appleupdate\Appleup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Anon\AppData\Local\Adobe\adobeupdate\Adobeup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

4th log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8042

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

10/29/2011 4:27:32 PM
mbam-log-2011-10-29 (16-27-32).txt

Scan type: Quick scan
Objects scanned: 184141
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

5th log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8042

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/29/2011 4:40:05 PM
mbam-log-2011-10-29 (16-40-05).txt

Scan type: Quick scan
Objects scanned: 187049
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

6th and last one
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8042

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/29/2011 4:44:32 PM
mbam-log-2011-10-29 (16-44-32).txt

Scan type: Quick scan
Objects scanned: 187301
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Panda does not like MBam so I had to shut Panda down for a bit.

I have a screen shot of one I ran that did not delete anything because Panda blocked it but I don't know how to show that here. It basically is one Trojan.BHO and then a dozen or more Trojan.Sharpro.PGen. They vry from reg keys and values to files and memory modules. "No action was taken" but that was Panda blocking it.

I also got two error messages upon booting. Error loading C:\Users\Anon\AppData\Local\Temp\choidate.dll. The specified module could not be found. The other one was C:\ProgramData\GoogleTrayBackup.dll. The specified module could not be found.

I ran Kaspersky FixTDSS tool and it finds nothing. I can't d/l any of the suggested tools. The first one ERUNT says it isn't for Vista. The next one OTM was saved to my desktop but when I try to open it as admin or normal it says not a valid win32 application. GooredFix just leaves me with an error message that says about blank after I click the bar to allow it to d/l.

Forgot, system restore has no back up points at all It always does!

I'm lost. I'm tired too. I made sure to back up all important stuff today. I took my three Toshiba disks out and prepared to format. Guess what happened? After getting the standard warning about erasing my HD I got a message written in cross stich (only way to describe those cute little x's) that said "WRONG MACHINE!!!" Why is it that I can't picture Toshiba placing a childish note like that as an error message? I'm 99.9% sure these are the correct disks as they came from Best Buy when I bought the laptop. Pretty sure I formatted this a month or so after I bought it using dais disks too.

I'm probably forgetting something but it's midnight and I am old Thank you to anyone willing to help me. I will be back on in the morning.

[Advertisements]

Hi there lets see if we can remedy this

First can you get into safe mode with networking :

Restart the computer and immediately press and hold F8
When the menu appears select Safe Mode with Networking

If that works then download and run these two programmes

Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U\*.* /s
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Essexboy]

Hi there lets see if we can remedy this

First can you get into safe mode with networking :

Restart the computer and immediately press and hold F8
When the menu appears select Safe Mode with Networking

If that works then download and run these two programmes

Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U\*.* /s
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[JodiP]

Yes, I know I can get to safe mode with networking. I will do all you ask right now. Thank you. Will post back very soon.

[Essexboy]

[JodiP]

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Anon [Admin rights]
Mode: Remove -- Date : 10/30/2011 08:20:25

Bad processes: 0

Registry Entries: 4
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:55010) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[APPINIT_DLL] HKLM\[...]\Windows : AppInit_DLLs (C:\PROGRAMDATA\AUDIOENG32.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) -> REPLACED ()

Particular Files / Folders:

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

[Essexboy]

Nice shows me part of the problem

[JodiP]

Running Orleans scan now. Typing from my phone.

[JodiP]

Not Orleans...otl. never get used to phone deciding what it thinks I meant to type

[JodiP]

OTL logfile created on: 10/30/2011 8:27:43 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 84.29% Memory free
6.19 Gb Paging File | 5.90 Gb Available in Paging File | 95.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 100.27 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.94 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: ANON-PC | User Name: Anon | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 08:26:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anon\Desktop\OTL.com
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FontCache3.0.0.032)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/17 13:17:32 | 000,293,120 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/08/25 14:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe -- (PskSvcRetail)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/08/10 14:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/04/17 11:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe -- (TPSrv)
SRV - [2009/04/08 11:56:24 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Stopped] -- c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/02/14 10:17:33 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2008/07/02 15:09:36 | 000,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\GWMsrv.dll -- (Gwmsrv)
SRV - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/05/31 08:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Stopped] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/10/30 08:23:18 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/06/23 10:23:46 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/11/20 22:24:46 | 000,013,880 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2009/10/01 00:07:44 | 000,075,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2009/09/09 11:29:18 | 000,199,432 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1639.sys -- (NETIMFLT01060039)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/06 13:29:16 | 000,049,160 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2009/07/23 13:42:00 | 009,814,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/30 18:17:12 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 14:33:02 | 000,046,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/06/16 14:33:00 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/06/16 14:32:58 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/06/16 14:32:58 | 000,053,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/06/01 07:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/28 12:25:06 | 000,022,072 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2008/03/04 16:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 08:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/07 12:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 12:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 10:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 10:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 00:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2005/10/04 04:16:22 | 000,007,936 | ---- | M] (M Three Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\keychain.sys -- (keychain)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]

IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55010

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.jillcataldo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}:1.0
FF - prefs.js..extensions.enabledItems: {8b8478bd-ba96-4782-9322-da6937a1d8ec}:1.0
FF - prefs.js..extensions.enabledItems: {2f3a21c4-ce26-4c78-ac60-8970b64e1906}:1.0
FF - prefs.js..extensions.enabledItems: {4d6f9453-60f7-40c6-9f44-1997a8f90997}:1.0
FF - prefs.js..extensions.enabledItems: {6c69851a-6ddd-4590-80e2-0ccf607f6f31}:1.0
FF - prefs.js..extensions.enabledItems: {ad64d9dd-4c12-499e-bd17-da04735aadd5}:1.0
FF - prefs.js..extensions.enabledItems: {c2d851ac-d793-4c9b-95b8-7757964e3b3c}:1.0
FF - prefs.js..extensions.enabledItems: {8cfb5ae1-c409-4a33-9838-288af6e70de7}:1.0
FF - prefs.js..extensions.enabledItems: {c417facb-24f6-43eb-936b-804067b1588f}:1.0
FF - prefs.js..extensions.enabledItems: {7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins
pArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Anon\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins
pArtistScope42.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 12:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 12:32:15 | 000,000,000 | ---D | M]

[2009/07/17 00:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anon\AppData\Roaming\Mozilla\Extensions
[2009/07/17 00:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anon\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/30 07:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions
[2011/10/27 08:42:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906}
[2011/10/02 14:31:42 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/10/27 08:44:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997}
[2011/10/29 10:24:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31}
[2011/06/14 16:40:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}
[2011/10/29 23:28:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}
[2011/06/15 20:43:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec}
[2011/10/29 16:35:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7}
[2011/10/30 07:52:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536}
[2011/10/29 08:53:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5}
[2011/10/02 14:31:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/26 22:01:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(23)
[2011/10/29 14:10:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c}
[2011/10/29 21:11:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f}
[2010/07/31 23:00:01 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\[email protected]
[2011/09/24 19:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2011/03/13 15:33:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/13 15:33:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 12:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 12:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/09/01 00:07:42 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {01890CB2-F363-439A-8A33-083BBDD7BF3f} - C:\Users\Anon\AppData\Local\InternetCodec.dll (The Imaging Source Europe GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (94bfe48b) - {67D2DE69-FF07-DBC4-13E4-3370EFBCA85A} - C:\ProgramData\AudioEng32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://207.245.65.10...?SKU=99154&RGB=[244,242,180]&DisplayShockwave=1" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D89EECA-1E1C-4E4E-A056-26367852D582}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (Panda Security, S.L.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 08:25:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anon\Desktop\OTL.com
[2011/10/30 08:20:00 | 000,000,000 | ---D | C] -- C:\Users\Anon\Desktop\RK_Quarantine
[2011/10/29 22:10:03 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Anon\Desktop\FixTDSS.exe
[2011/10/29 12:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011/10/29 08:53:57 | 000,358,912 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Users\Anon\AppData\Local\InternetCodec.dll
[2011/10/20 17:37:09 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\dictator deaths
[2011/09/30 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\My Photos
[2011/09/30 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\My Documents
[2011/09/30 16:57:31 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/09/30 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\Htc
[2011/09/30 16:49:22 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Roaming\HTC
[2011/09/30 16:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011/09/30 16:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011/09/30 16:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011/09/30 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 08:26:56 | 000,001,356 | ---- | M] () -- C:\Users\Anon\AppData\Local\d3d9caps.dat
[2011/10/30 08:26:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anon\Desktop\OTL.com
[2011/10/30 08:23:18 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/30 08:19:30 | 000,725,504 | ---- | M] () -- C:\Users\Anon\Desktop\RogueKiller.exe
[2011/10/30 08:16:10 | 000,606,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/30 08:16:10 | 000,104,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/30 08:11:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 08:11:35 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2011/10/30 08:08:49 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2011/10/30 08:08:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 08:08:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 07:53:02 | 000,079,872 | ---- | M] () -- C:\Users\Anon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 07:51:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 07:50:44 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/30 00:03:07 | 000,002,569 | ---- | M] () -- C:\Users\Anon\Desktop\Microsoft Office Word 2003.lnk
[2011/10/29 23:28:11 | 000,426,757 | ---- | M] () -- C:\Users\Anon\Desktop\OTM.exe
[2011/10/29 22:46:12 | 000,370,364 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/10/29 22:46:12 | 000,370,364 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/10/29 22:30:47 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2011/10/29 22:30:47 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2011/10/29 22:30:47 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2011/10/29 22:30:47 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2011/10/29 22:30:47 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2011/10/29 22:30:47 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2011/10/29 22:30:47 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2011/10/29 22:30:47 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2011/10/29 22:30:47 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2011/10/29 22:30:47 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2011/10/29 22:30:47 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2011/10/29 22:30:47 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2011/10/29 22:30:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2011/10/29 22:30:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2011/10/29 22:25:51 | 000,000,072 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2011/10/29 22:25:51 | 000,000,072 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2011/10/29 22:25:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/29 22:24:38 | 000,804,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/29 22:10:03 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Anon\Desktop\FixTDSS.exe
[2011/10/29 21:31:51 | 000,302,592 | ---- | M] () -- C:\Users\Anon\Desktop\mbqkq3c7.exe
[2011/10/29 17:03:01 | 000,046,986 | ---- | M] () -- C:\Users\Anon\Desktop\bookmarks-2011-10-29.json
[2011/10/29 16:37:49 | 000,015,714 | ---- | M] () -- C:\Users\Anon\AppData\Roaming\wklnhst.dat
[2011/10/29 08:53:57 | 000,358,912 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Users\Anon\AppData\Local\InternetCodec.dll
[2011/10/28 10:55:45 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/09/30 16:56:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/09/30 16:49:12 | 000,000,942 | ---- | M] () -- C:\Users\Anon\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 08:20:00 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/30 08:19:30 | 000,725,504 | ---- | C] () -- C:\Users\Anon\Desktop\RogueKiller.exe
[2011/10/29 23:28:11 | 000,426,757 | ---- | C] () -- C:\Users\Anon\Desktop\OTM.exe
[2011/10/29 21:31:50 | 000,302,592 | ---- | C] () -- C:\Users\Anon\Desktop\mbqkq3c7.exe
[2011/10/29 21:04:49 | 000,299,008 | ---- | C] () -- C:\Windows\System32\regxplor.dll
[2011/10/29 17:03:01 | 000,046,986 | ---- | C] () -- C:\Users\Anon\Desktop\bookmarks-2011-10-29.json
[2011/09/30 16:56:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/09/30 16:49:12 | 000,000,942 | ---- | C] () -- C:\Users\Anon\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/07/08 12:03:45 | 000,004,397 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\E0FA.BD8
[2011/06/15 17:22:16 | 000,000,036 | ---- | C] () -- C:\ProgramData\344cb3d9
[2011/02/22 12:09:28 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 21:11:15 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/02/20 23:45:01 | 000,000,141 | ---- | C] () -- C:\Windows\asym.ini
[2009/12/06 18:45:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/06 18:45:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/20 22:24:46 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2009/11/20 22:24:30 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2009/11/20 22:24:26 | 000,370,364 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2009/11/20 22:24:26 | 000,370,364 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 22:22:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/09 23:34:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 23:34:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/10 14:16:15 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2009/05/10 14:16:15 | 000,014,381 | ---- | C] () -- C:\Windows\Tw533a.ini
[2009/05/10 14:16:15 | 000,001,325 | ---- | C] () -- C:\Windows\Remove.ini
[2009/03/05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/14 10:17:33 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2009/01/23 15:17:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/06 21:37:29 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/09/06 21:37:29 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/24 06:05:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/05 15:48:38 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/07/04 17:56:47 | 000,031,007 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\UserTile.png
[2008/07/04 14:58:43 | 000,001,356 | ---- | C] () -- C:\Users\Anon\AppData\Local\d3d9caps.dat
[2008/07/02 22:33:30 | 000,079,872 | ---- | C] () -- C:\Users\Anon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/02 21:16:24 | 000,027,240 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\nvModes.001
[2008/07/02 20:30:09 | 000,015,714 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\wklnhst.dat
[2008/07/02 19:46:05 | 000,027,240 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\nvModes.dat
[2008/07/02 19:13:13 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/07/02 17:00:44 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/02/18 19:56:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/18 19:56:41 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/18 19:56:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/18 19:56:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/18 19:56:41 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/18 19:56:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/18 19:04:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 18:57:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 18:55:00 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 18:55:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 18:55:00 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 18:55:00 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 17:53:20 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/04/24 14:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/03/06 18:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,804,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,420 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,430 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004/05/10 10:33:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lhtool.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/08/21 22:14:41 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Anarchy
[2010/07/08 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Avanquest
[2011/03/13 15:33:55 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Catalina Marketing Corp
[2010/01/12 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/02/27 14:53:51 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\com.zipeg
[2008/07/08 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Downloaded Installations
[2009/12/06 01:20:26 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\GTM_Bodie
[2010/09/02 22:04:41 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\HamsterSoft
[2011/09/30 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\HTC
[2011/09/30 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009/12/02 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\IronCode
[2008/07/03 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\iWin
[2009/10/24 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Meridian93
[2009/03/29 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Neopets Toolbar
[2009/10/26 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Oberonv1001
[2009/10/24 00:54:56 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Oberonv1002
[2009/01/05 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\OpenOffice.org
[2009/12/02 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Orbit
[2010/08/21 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Orneon
[2009/11/20 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Panda Security
[2008/07/04 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\PeerNetworking
[2009/11/29 00:51:15 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\PlayFirst
[2009/12/06 00:56:37 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Playrix Entertainment
[2009/10/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Princess Isabella
[2008/08/05 10:39:10 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\SecondLife
[2009/10/24 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Sudden Games
[2008/07/02 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Template
[2009/11/29 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\TheScruffs
[2010/03/12 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\toshiba
[2008/07/02 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\WinBatch
[2010/02/27 14:56:41 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Zipeg
[2011/10/04 13:17:34 | 000,000,000 | ---D | M] -- C:\Users\gas\AppData\Roaming\HTC
[2011/10/30 08:08:31 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Anon\Documents\MVI_0127.AVI:TOC.WMV
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2FAFBD6A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C7F08EA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:860D9052
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CE0638C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4E158DDD
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0AC32449

< End of report >

[JodiP]

OTL Extras logfile created on: 10/30/2011 8:27:43 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 84.29% Memory free
6.19 Gb Paging File | 5.90 Gb Available in Paging File | 95.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 100.27 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.94 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: ANON-PC | User Name: Anon | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{428D351B-4058-43AB-B29F-7B823719B212}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{791DDDDA-4A92-4B12-9C52-5EC64495159A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF88F7A3-3919-4850-88C9-0B8C49108187}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E6149B23-3976-4705-8C72-59B083E37D16}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{373CD184-EDEB-4350-AE43-9E334F6FE240}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{393A93EB-2A77-4389-8802-B935B5E696B2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{587BB843-5A93-40DF-AE0D-DB7CA9180EB1}" = dir=in | app=c:\windows\system32\inetres32.exe |
"{69DB8F04-3C6B-477C-8A26-6FBA96E87716}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7D8206AD-815E-4C26-96A6-17DF64EF4C9F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{81F81D84-FD74-4172-8A00-7A0FB2E6E32D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{87797184-D33F-4E77-A410-CE8E31D00C3E}" = dir=in | app=c:\windows\system32\inetres32.exe |
"{87967848-B89C-4D5D-ADA9-DFDDD61C7FDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98BF2797-4C5B-4D8D-89A4-8B051A96A2F2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9CE228D6-6E63-442C-844E-F7F594AD1295}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C59EDF5A-4C65-477A-973F-6AAC7C443E58}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CF0C3C65-E863-4D1C-B0D7-9E8D7A43C250}" = dir=in | app=c:\windows\system32\inetres32.exe |
"{D04708CA-7566-44DC-B6F1-D19DB11965F1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{594ECEE0-DAF0-47EB-A56F-1E11D12E75BE}C:\users\anon\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\anon\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"TCP Query User{754C4E7A-E991-41DD-9D09-2D87E69F4D1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2A1E23F2-AC40-4B44-9ADC-7EE3783D42C8}C:\users\anon\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\anon\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"UDP Query User{CB6249C0-D297-4E06-B83B-6E0A048604B1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15AD427B-9243-46C6-8A14-CA6BA264162B}" = MySoftware Fonts
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{568161BB-4D77-4534-AB92-55040CD92798}" = Panda Internet Security 2010
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2010
"{7EF7C59B-A6D9-92F6-8705-BC873A58BB6A}" = Comcast Access
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9AD06D7-55F5-EB9B-6FD9-3FEE745B4E01}" = Cakes, Bars & Cookies
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"148830032a5f9d57a66451e2d5e595fb.8A83BD0BE459142F50C111755484E359D8DBFFF2.1" = Cakes, Bars & Cookies
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"ArtistScope Plugin FX 424.2.0.0" = ArtistScope Plugin FX 42
"Audacity_is1" = Audacity 1.2.6
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EZ Vinyl Converter by MixMeister_is1" = EZ Vinyl Converter 2.0.0 by MixMeister
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 2.1.0.9 by MixMeister
"FitDay_is1" = FitDay PC version 2.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"ieSpell" = ieSpell
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer" = Photo Viewer
"ProInst" = Intel® PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Scruffs_is1" = The Scruffs
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Weight-By-Date Pro Trial" = Weight-By-Date Pro Trial
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"Zipeg" = Zipeg
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


This was from the "extras"

[Essexboy]

OK killing time Once this run has completed then boot to normal mode and let me know what the current problems are please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
  IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
  IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
  IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
  IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 0C 89 01 63 F3 9A 43 8A 33 08 3B BD D7 BF 3F [binary data]
  IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55010
  FF - prefs.js..extensions.enabledItems: {6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}:1.0
  FF - prefs.js..extensions.enabledItems: {8b8478bd-ba96-4782-9322-da6937a1d8ec}:1.0
  FF - prefs.js..extensions.enabledItems: {2f3a21c4-ce26-4c78-ac60-8970b64e1906}:1.0
  FF - prefs.js..extensions.enabledItems: {4d6f9453-60f7-40c6-9f44-1997a8f90997}:1.0
  FF - prefs.js..extensions.enabledItems: {6c69851a-6ddd-4590-80e2-0ccf607f6f31}:1.0
  FF - prefs.js..extensions.enabledItems: {ad64d9dd-4c12-499e-bd17-da04735aadd5}:1.0
  FF - prefs.js..extensions.enabledItems: {c2d851ac-d793-4c9b-95b8-7757964e3b3c}:1.0
  FF - prefs.js..extensions.enabledItems: {8cfb5ae1-c409-4a33-9838-288af6e70de7}:1.0
  FF - prefs.js..extensions.enabledItems: {c417facb-24f6-43eb-936b-804067b1588f}:1.0
  FF - prefs.js..extensions.enabledItems: {7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}:1.0
  [2011/10/27 08:42:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906}
  [2011/10/27 08:44:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997}
  [2011/10/29 10:24:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31}
  [2011/06/14 16:40:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}
  [2011/10/29 23:28:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}
  [2011/06/15 20:43:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec}
  [2011/10/29 16:35:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7}
  [2011/10/30 07:52:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536}
  [2011/10/29 08:53:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5}
  [2011/10/29 14:10:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c}
  [2011/10/29 21:11:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f}
  O2 - BHO: (Reg Error: Value error.) - {01890CB2-F363-439A-8A33-083BBDD7BF3f} - C:\Users\Anon\AppData\Local\InternetCodec.dll (The Imaging Source Europe GmbH)
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (94bfe48b) - {67D2DE69-FF07-DBC4-13E4-3370EFBCA85A} - C:\ProgramData\AudioEng32.dll File not found
  [2011/10/29 08:53:57 | 000,358,912 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Users\Anon\AppData\Local\InternetCodec.dll
  [2011/10/29 21:04:49 | 000,299,008 | ---- | C] () -- C:\Windows\System32\regxplor.dll
  [2011/06/15 17:22:16 | 000,000,036 | ---- | C] () -- C:\ProgramData\344cb3d9
  
  :Reg
  [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[JodiP]

am I deleting the code you had me put in before? Do I keep the same things checked as before but just check "run fix" as well?

[Essexboy]

Copy alll the text in the quote box starting at :OTL and down to and including [reboot] replacing the scan information then press run fix



[attachment=53271:Untitled.jpg]

[JodiP]

Rebooted. Have cursor but desktop black. Looks like laptop is thinking as that light is flashing

[Essexboy]

Yes it may take a few moments as OTL tidies up