LandzDown Forum

My hotmail email became infected a couple of months ago in which I thought was because I left the program open for an extended period of time.  It was periodically sending spam emails to everyone in my contact list.  Although I had McAfee installed at the time, I could never get the spam to stop.  I was getting feedback that they were viruses, which I don't doubt that.  I uninstalled McAfee and downloaded a trial of the Norton 2011 about three weeks ago.  I stopped using hotmail altogether and since installing the anti-virus software I have not gotten reports that I was still sending out spam emails.  With that said, while on my computer this morning looking at coloring page printouts, I clicked on a link and immediately was redirected to a "Windows Security" pop-up that said I had several high to critical security threats and that my computer was in danger of crashing unless I downloaded their file.  Norton also picked up on this threat and said that it had quarantined the file.  So no download took place and now I am trying to figure out what is going on with my computer and how to fix it and protect it from future attacks.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-02-17 12:35:34
Microsoft Windows 7 Home Premium 
System drive C: has 391 GB (84%) free of 465 GB
Total RAM: 3964 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:50 PM, on 2/17/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\Owner\Documents\Girl Scouts\SecurityCheck.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\notepad.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll
R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: FCTBPos00Pos - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: InboxDollars - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] "C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [My Faster PC] c:\program files (x86)\consumersoft\my faster pc\mfpchelper.exe
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [BIBLauncher] C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files (x86)\TimeLeft3\TLIntergIE.html
O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files (x86)\TimeLeft3\TLIntergIE.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.opinionguru.com/CopyGuardIE.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Coupon Alert Service (CouponAlert_2pService) - CouponAlert - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16521 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll" /prefetch:1
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /c /a /s UserSession
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\ThpSrv.exe" /logon
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Windows\WindowsMobile\wmdc.exe"
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Upromise\UpromiseTray.exe"
"C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
C:\windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\windows\system32\wuauclt.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:9.0 /MODE:2
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4392 CREDAT:71937
"C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe" -Embedding
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4392 CREDAT:137498
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -Embedding
"C:\Users\Owner\Documents\Girl Scouts\SecurityCheck.exe"
cmd /c ""C:\Users\Owner\AppData\Local\Temp\RarSFX0\SecurityCheck\SecurityCheck.bat" "
\??\C:\windows\system32\conhost.exe
NOTEPAD  checkup.txt
"C:\Users\Owner\Documents\Girl Scouts\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-26 398512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll [2010-10-26 317496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}]
Toolbar BHO - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll [2011-02-03 684032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}]
Search Assistant BHO - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll [2011-02-03 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}]
Facetheme - C:\Program Files (x86)\Object\bho_project.dll [2010-09-03 93696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL [2010-02-03 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
InboxDollars BHO - C:\Program Files (x86)\InboxDollars\Toolbar.dll [2010-09-12 1499136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files (x86)\Zynga\tbZyn0.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
Swag Bucks Toolbar - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}]
DCA BHO - C:\Program Files (x86)\Upromise\dca-bho.dll [2010-08-04 806584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-02 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}]
ShopAtHomeIEHelper Class - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll [2010-08-09 746984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA}]
Upromise TurboSaver - C:\Program Files (x86)\Upromise\upromisetoolbar.dll [2010-08-06 2055888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-26 398512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files (x86)\Zynga\tbZyn0.dll [2010-06-13 2734688]
{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - ShopAtHome Toolbar - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll [2010-08-09 746984]
{47980628-3844-42AA-A0DD-E2D86BBA9600} - InboxDollars - C:\Program Files (x86)\InboxDollars\Toolbar.dll [2010-09-12 1499136]
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - Swag Bucks Toolbar - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll [2010-10-18 3908192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]
{06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - C:\Program Files (x86)\Upromise\upromisetoolbar.dll [2010-08-06 2055888]
{3462c343-be19-4143-af70-cefb56f46fc6} - Coupon Alert - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll [2011-02-03 684032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-02 165912]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-02 387608]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-09-02 365592]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-29 7982112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1815848]
"ThpSrv"=C:\windows\system32\ThpSrv.exe [2009-07-08 531520]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 497504]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 909624]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-08-11 1482080]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-08-04 711000]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-08-03 709976]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"=C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe [2009-08-06 264048]
"DW6"=C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe []
"My Faster PC"=c:\program files (x86)\consumersoft\my faster pc\mfpchelper.exe []
"Upromise Tray"=C:\Program Files (x86)\Upromise\UpromiseTray.exe [2010-08-06 237264]
"BIBLauncher"=C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe [2009-11-16 853736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe [2010-10-31 232912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TUSBSleepChargeSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [2009-07-02 252288]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-07-16 529256]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-07-21 1293624]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"CouponAlert_2p Browser Plugin Loader"=C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe [2011-02-03 20480]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-08-27 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-02-17 12:35:34 ----D---- C:\rsit
2011-02-17 12:35:34 ----D---- C:\Program Files\trend micro
2011-02-10 23:25:16 ----D---- C:\ProgramData\MFAData
2011-02-10 22:14:02 ----D---- C:\Program Files (x86)\Adobe
2011-02-10 22:13:46 ----SHD---- C:\Config.Msi
2011-02-09 09:39:10 ----A---- C:\windows\system32\mshtml.dll
2011-02-09 09:39:09 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-09 09:39:07 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-09 09:39:06 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-09 09:39:06 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-09 09:39:06 ----A---- C:\windows\system32\mstime.dll
2011-02-09 09:39:06 ----A---- C:\windows\system32\msfeeds.dll
2011-02-09 09:39:06 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\mshtmled.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-09 09:39:05 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\licmgr10.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\iertutil.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\iepeers.dll
2011-02-09 09:38:48 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-09 09:38:48 ----A---- C:\windows\system32\kerberos.dll
2011-02-09 09:38:44 ----A---- C:\windows\system32\winsrv.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\urlmon.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\upnp.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\msxml6.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\msxml3.dll
2011-02-09 09:38:40 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-09 09:38:40 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-09 09:38:40 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-09 09:38:40 ----A---- C:\windows\system32\wininet.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\wscapi.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\winhttp.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\WebClnt.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\ieframe.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\davclnt.dll
2011-02-09 09:38:38 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-09 09:38:38 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-09 09:38:38 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-09 09:38:38 ----A---- C:\windows\system32\wscsvc.dll
2011-02-09 09:38:38 ----A---- C:\windows\system32\slwga.dll
2011-02-09 09:38:36 ----A---- C:\windows\system32\win32k.sys
2011-02-09 09:38:35 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-09 09:38:35 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-09 09:38:35 ----A---- C:\windows\system32\cdd.dll
2011-02-09 09:38:32 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-09 09:38:32 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-09 09:38:32 ----A---- C:\windows\system32\vbscript.dll
2011-02-09 09:38:32 ----A---- C:\windows\system32\jscript.dll
2011-02-09 09:38:31 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-09 09:38:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-09 09:38:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-09 09:38:30 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-09 09:38:30 ----A---- C:\windows\system32\ntdll.dll
2011-02-09 09:38:28 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-09 09:38:28 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-09 09:38:28 ----A---- C:\windows\system32\atmlib.dll
2011-02-09 09:38:28 ----A---- C:\windows\system32\atmfd.dll
2011-02-06 15:27:41 ----A---- C:\windows\SYSWOW64\msxml3a.dll
2011-02-06 15:25:12 ----D---- C:\Program Files (x86)\Business-in-a-Box
2011-02-04 21:51:25 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-03 12:46:34 ----D---- C:\Program Files (x86)\CouponAlert_2p
2011-02-03 12:45:54 ----D---- C:\Program Files (x86)\CouponAlert_2pEI
2011-01-29 15:47:24 ----D---- C:\Users\Owner\AppData\Roaming\NesterSoft
2011-01-29 15:47:24 ----D---- C:\Program Files (x86)\TimeLeft3
2011-01-28 23:11:13 ----D---- C:\Users\Owner\AppData\Roaming\upromise
2011-01-28 23:11:13 ----D---- C:\Program Files (x86)\Upromise
2011-01-27 22:13:07 ----A---- C:\windows\SYSWOW64\~GLH0003.TMP
2011-01-27 22:12:42 ----D---- C:\Program Files (x86)\The Weather Channel FW
2011-01-27 03:00:37 ----D---- C:\de185e76be59bfa7efb3d9b418ed50
2011-01-26 15:24:12 ----D---- C:\Users\Owner\AppData\Roaming\Template
2011-01-24 22:43:33 ----RA---- C:\windows\SYSWOW64\GEARAspi.dll
2011-01-24 22:43:33 ----RA---- C:\windows\system32\GEARAspi64.dll
2011-01-24 22:43:33 ----RA---- C:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-24 22:43:18 ----D---- C:\Program Files\Symantec
2011-01-24 22:43:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-24 22:43:18 ----A---- C:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-01-24 22:41:30 ----D---- C:\windows\system32\drivers\N360x64
2011-01-24 22:41:29 ----D---- C:\Program Files (x86)\Norton 360
2011-01-24 22:00:25 ----D---- C:\Users\Owner\AppData\Roaming\ConsumerSoft
2011-01-24 21:58:57 ----D---- C:\Program Files (x86)\ConsumerSoft
2011-01-24 11:05:59 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2011-01-21 16:22:27 ----D---- C:\ProgramData\Cadsoft
2011-01-21 14:17:31 ----A---- C:\ProgramData\_r_a_p_.tmp
2011-01-12 06:47:35 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2011-01-12 06:47:35 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-12 06:47:34 ----A---- C:\windows\SYSWOW64\DWrite.dll
2011-01-12 06:47:34 ----A---- C:\windows\SYSWOW64\d2d1.dll
2011-01-12 06:47:34 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-12 06:47:34 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-12 06:47:34 ----A---- C:\windows\system32\mf.dll
2011-01-12 06:47:34 ----A---- C:\windows\system32\FntCache.dll
2011-01-12 06:47:34 ----A---- C:\windows\system32\DWrite.dll
2011-01-12 06:47:34 ----A---- C:\windows\system32\d2d1.dll
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\XpsPrint.dll
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\XpsGdiConverter.dll
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\WMVDECOD.DLL
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\mfreadwrite.dll
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\mf.dll
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\ExplorerFrame.dll
2011-01-12 06:47:33 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll
2011-01-12 06:47:33 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-12 06:47:33 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-12 06:47:33 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-12 06:47:33 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-12 06:47:33 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-12 06:47:32 ----A---- C:\windows\SYSWOW64\XpsRasterService.dll
2011-01-12 06:47:32 ----A---- C:\windows\SYSWOW64\d3d10_1.dll
2011-01-12 06:47:32 ----A---- C:\windows\system32\mfps.dll
2011-01-12 06:47:32 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-12 06:47:23 ----A---- C:\windows\SYSWOW64\odbc32.dll
2011-01-12 06:47:23 ----A---- C:\windows\system32\odbc32.dll
2011-01-06 12:26:00 ----D---- C:\Users\Owner\AppData\Roaming\Amazon
2011-01-03 11:51:25 ----D---- C:\Program Files\iPod
2011-01-03 11:51:24 ----D---- C:\Program Files\iTunes
2011-01-03 11:41:55 ----D---- C:\Program Files (x86)\QuickTime
2011-01-02 23:26:34 ----D---- C:\Users\Owner\AppData\Roaming\Intuit
2011-01-02 23:26:30 ----A---- C:\windows\QUICKEN.INI
2011-01-02 23:25:53 ----D---- C:\ProgramData\Intuit
2010-12-25 18:15:19 ----D---- C:\Users\Owner\AppData\Roaming\Fisher-Price
2010-12-25 18:11:02 ----D---- C:\ProgramData\Fisher-Price
2010-12-25 18:10:31 ----D---- C:\Program Files (x86)\Fisher-Price
2010-12-15 14:56:35 ----A---- C:\windows\SYSWOW64\tzres.dll
2010-12-15 14:56:35 ----A---- C:\windows\system32\tzres.dll
2010-12-15 14:56:24 ----A---- C:\windows\system32\taskschd.dll
2010-12-15 14:56:24 ----A---- C:\windows\system32\taskeng.exe
2010-12-15 14:56:24 ----A---- C:\windows\system32\schedsvc.dll
2010-12-15 14:56:23 ----A---- C:\windows\SYSWOW64\taskschd.dll
2010-12-15 14:56:23 ----A---- C:\windows\SYSWOW64\taskeng.exe
2010-12-15 14:56:23 ----A---- C:\windows\SYSWOW64\taskcomp.dll
2010-12-15 14:56:23 ----A---- C:\windows\SYSWOW64\schtasks.exe
2010-12-15 14:56:23 ----A---- C:\windows\system32\wmicmiplugin.dll
2010-12-15 14:56:23 ----A---- C:\windows\system32\taskcomp.dll
2010-12-15 14:56:23 ----A---- C:\windows\system32\schtasks.exe
2010-12-15 14:56:12 ----A---- C:\windows\SYSWOW64\webio.dll
2010-12-15 14:56:12 ----A---- C:\windows\system32\webio.dll
2010-12-15 14:56:10 ----A---- C:\windows\system32\consent.exe
2010-12-15 14:55:13 ----A---- C:\windows\SYSWOW64\ieui.dll
2010-12-15 14:55:13 ----A---- C:\windows\system32\ieui.dll
2010-12-15 14:55:11 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2010-12-15 14:55:11 ----A---- C:\windows\system32\jsproxy.dll
2010-11-30 15:01:56 ----D---- C:\Program Files (x86)\Apple Software Update
2010-11-30 14:16:30 ----D---- C:\Program Files\Bonjour
2010-11-30 14:16:30 ----D---- C:\Program Files (x86)\Bonjour
2010-11-20 10:02:01 ----D---- C:\Program Files (x86)\ConduitEngine
2010-11-20 10:02:01 ----A---- C:\windows\SYSWOW64\ConduitEngine.tmp

======List of files/folders modified in the last 3 months======

2011-02-17 12:35:50 ----D---- C:\windows\Prefetch
2011-02-17 12:35:34 ----RD---- C:\Program Files
2011-02-17 12:34:15 ----D---- C:\windows\Temp
2011-02-17 12:19:54 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2011-02-17 07:38:37 ----D---- C:\windows\system32\config
2011-02-10 23:25:16 ----HD---- C:\ProgramData
2011-02-10 22:44:43 ----D---- C:\ProgramData\Adobe
2011-02-10 22:14:25 ----SHD---- C:\windows\Installer
2011-02-10 22:14:02 ----RD---- C:\Program Files (x86)
2011-02-10 22:13:42 ----D---- C:\windows\SysWOW64
2011-02-10 10:30:06 ----SHD---- C:\System Volume Information
2011-02-10 10:30:05 ----D---- C:\windows\winsxs
2011-02-10 10:26:05 ----D---- C:\Program Files\Internet Explorer
2011-02-10 10:26:05 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-10 10:26:05 ----AD---- C:\windows\System32
2011-02-10 10:26:00 ----D---- C:\windows\system32\drivers
2011-02-10 09:58:57 ----D---- C:\ProgramData\Microsoft Help
2011-02-10 09:56:04 ----A---- C:\windows\system32\MRT.exe
2011-02-09 09:38:08 ----D---- C:\windows\system32\catroot
2011-02-09 09:38:07 ----D---- C:\windows\system32\catroot2
2011-02-05 00:33:27 ----D---- C:\windows\Microsoft.NET
2011-02-05 00:32:36 ----RSD---- C:\windows\assembly
2011-02-04 21:55:27 ----D---- C:\windows\ShellNew
2011-02-04 21:55:15 ----RSD---- C:\windows\Fonts
2011-02-04 21:55:01 ----D---- C:\Program Files (x86)\Common Files
2011-02-04 21:54:50 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-04 21:52:38 ----D---- C:\windows\system32\Tasks
2011-02-04 21:52:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-04 21:52:20 ----SD---- C:\ProgramData\Microsoft
2011-02-04 21:51:33 ----D---- C:\Program Files\Microsoft Office
2011-02-04 20:12:04 ----AD---- C:\Windows
2011-02-04 20:07:10 ----D---- C:\windows\Downloaded Program Files
2011-02-02 17:17:47 ----D---- C:\windows\inf
2011-02-02 17:17:47 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-01-29 17:11:51 ----D---- C:\windows\system32\NDF
2011-01-28 15:18:10 ----D---- C:\Program Files (x86)\Coupons
2011-01-28 08:06:45 ----A---- C:\windows\win.ini
2011-01-27 15:16:58 ----D---- C:\Program Files (x86)\NortonInstaller
2011-01-27 13:39:51 ----D---- C:\windows\system32\FxsTmp
2011-01-27 08:13:02 ----D---- C:\Program Files (x86)\Microsoft Works
2011-01-27 08:09:43 ----D---- C:\windows\WindowsMobile
2011-01-27 03:10:20 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-27 03:10:19 ----D---- C:\ProgramData\McAfee
2011-01-27 03:10:19 ----D---- C:\Program Files (x86)\McAfee
2011-01-27 03:10:18 ----D---- C:\Program Files\McAfee
2011-01-27 03:10:18 ----D---- C:\Program Files\Common Files\McAfee
2011-01-24 22:45:13 ----D---- C:\ProgramData\Norton
2011-01-24 22:43:18 ----D---- C:\Program Files\Common Files
2011-01-24 21:48:36 ----SHD---- C:\$Recycle.Bin
2011-01-24 16:01:16 ----D---- C:\ProgramData\Symantec
2011-01-24 16:01:13 ----D---- C:\windows\Tasks
2011-01-24 12:20:05 ----D---- C:\Program Files (x86)\Windows Live
2011-01-23 20:47:47 ----D---- C:\Program Files (x86)\Nova Development
2011-01-23 20:47:46 ----D---- C:\ProgramData\Nova Development
2011-01-23 20:47:04 ----D---- C:\Users\Owner\AppData\Roaming\Adobe
2011-01-21 14:21:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-21 13:32:08 ----D---- C:\Program Files (x86)\ColorByNumbers
2011-01-17 21:24:03 ----D---- C:\windows\rescache
2011-01-05 16:23:16 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
2011-01-03 11:51:58 ----D---- C:\Program Files (x86)\iTunes
2010-12-24 17:53:45 ----D---- C:\windows\system32\drivers\UMDF
2010-12-16 11:38:37 ----D---- C:\windows\SYSWOW64\en-US
2010-12-16 11:38:37 ----D---- C:\windows\system32\en-US
2010-12-16 11:38:12 ----D---- C:\Program Files\Windows Mail
2010-12-16 11:38:12 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-16 11:38:11 ----D---- C:\windows\SYSWOW64\migration
2010-12-16 11:38:11 ----D---- C:\windows\system32\migration
2010-11-30 15:13:12 ----DC---- C:\windows\system32\DRVSTORE
2010-11-30 14:16:54 ----D---- C:\windows\system32\DriverStore
2010-11-30 14:13:11 ----D---- C:\Program Files (x86)\Safari
2010-11-20 10:02:00 ----D---- C:\Program Files (x86)\Swag_Bucks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 214096]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2010-02-03 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-21 221232]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-01-14 953904]
R1 ccHP;Symantec Hash Provider; C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-25 615040]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-01-24 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110216.001\IDSvia64.sys [2010-12-01 476792]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS [2010-04-21 32304]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-05 451120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-07-28 81408]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-24 132656]
R3 FwLnk;FwLnk Driver; C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-08-27 7369600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2009-07-29 1966624]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110217.003\ENG64.SYS [2011-01-24 117880]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110217.003\EX64.SYS [2011-01-24 1791096]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2009-09-09 943616]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS [2010-04-21 505392]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2011-01-24 173104]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-20 274480]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2009-06-19 1394688]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-13 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-13 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-13 79360]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-13 109056]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\DRIVERS\usb8023x.sys [2009-07-13 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2010-09-28 51712]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 CouponAlert_2pService;Coupon Alert Service; C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2011-02-03 28766]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-25 126392]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-13 27136]
R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-07-08 531520]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 488800]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-13 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-07-21 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 932640]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1255736]

-----------------EOF-----------------

Results of screen317's Security Check version 0.99.8 
 Windows 7  (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 Norton 360     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Java(TM) 6 Update 14 
 Out of date Java installed!
 Adobe Flash Player   
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Norton ccSvcHst.exe
``````````End of Log````````````

Good Morning,

I have to say it is frustrating having a computer smarter than you are.  I ran into some problems with my instructons last night and I am stumped.

I was able to successfully remove ShopatHome and Zynga toolbars but after that the issues started pouring in.

While trying to uninstall the Swag Bucks toolbar, it "froze" in the middle of the process and then after trying to refresh said that it did not uninstall properly but that caused a window to pop up with the message "could not open INSTALL.LOG.file".  I tried restarting the computer but it is stuck that way now and still shows up in add/remove programs.  On the other hand, InboxDollars had a similar issue but a message had stated that it was not properly uninstalled or may have been uninstalled and had an option to remove it from being seen in the programs in the control panel.

Next, Adobe was installed properly and the version was X(10.0.1)- no problems there.  All other versions were uninstalled but don't have current versions of Shockwave, etc. (those were seperate downloads and didn't know if I should have done them at that point or later so need further instruction on that)

Okay now for the major stuff.  Java is kicking my butt!  I first tried to uninstall the old version of Java and kept getting a window that said: Error 1723: Which basically stated that there is a missing "dll" file that could not be found and therefore the task could not be performed.  I was not about to go searching on the web for what that error meant so I looked for help in both Windows and Java's FAQ's.  Had really no luck with that error number in either place. I then tried to install the JavaRa but couldn't do that either.  So I went to Java's website to try and look for more answers as to why this was happening and struck out there too.

Not to worry, Stephanie.  You did great! 

Go ahead with TFC (Temp File Cleaner) and Malwarebytes.  Post the MBAM log and a fresh HijackThis log when you're finished.

Well thanks to you I have a much faster, more efficient running computer.  I have not been able to get to the JavaRa part yet, but will in the next couple of hours.  I have copied my report below.  I don't know for sure, but even though I did have 11 trojans on my computer, I believe there were removed successfully and now we are ready for anti-virus software?????

I will post again when I have successfully (or not I suppose) installed Java.

Thanks again.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5799

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/18/2011 12:35:51 PM
mbam-log-2011-02-18 (12-35-51).txt

Scan type: Quick scan
Objects scanned: 162282
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files (x86)\Object\bho_project.dll (Trojan.BHO) -> Not selected for removal.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Object\bho_project.dll (Trojan.BHO) -> Not selected for removal.
 

Forgot to mention this...I made a mistake by unselecting them cause in the example you gave me, I thought it was ALL of C:/, then I looked again and realized it was C:/System Volume Information files, one of which was I do believe in my program files (perhaps the Java removal issue).  I redid the scan and malwarebytes did not find any system errors.  Now I don't know how to find these two files and take care of them.  Also I need to include the Hijackthis log as well which I will do and post in a min.

I just now got around to trying out this offline installation and I am still having the same problem, can't uninstall or install due to this error 1723 which says the problem with this Windows Installer Package is "A DLL required for the install to complete could not be run"  and then to contact your support personnel.  I get the same window for both.  Uggg so close, but I am still trying to find where those two files I didn't check went cause I can't find them anywhere and malwarebytes isn't detecting it anymore.  It says there are 0 threats and my computer is clean.  I am sure this Java thing is part of the missing link.

ComboFix 11-02-19.01 - Owner 02/19/2011  14:48:09.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3964.2358 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Java
c:\program files (x86)\Object\bho_project.dll
c:\users\Owner\AppData\Local\ie_runner_app.exe

.
(((((((((((((((((((((((((   Files Created from 2011-01-19 to 2011-02-19  )))))))))))))))))))))))))))))))
.

2011-02-18 17:17 . 2011-02-18 17:17   --------   d-----w-   c:\users\Owner\AppData\Roaming\Malwarebytes
2011-02-18 17:17 . 2011-02-18 17:17   --------   d-----w-   c:\programdata\Malwarebytes
2011-02-18 17:17 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-18 17:17 . 2011-02-18 17:17   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-18 17:17 . 2010-12-20 23:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-18 03:25 . 2011-02-18 03:25   --------   d-----w-   c:\program files (x86)\Common Files\Adobe
2011-02-17 17:35 . 2011-02-19 02:30   --------   d-----w-   c:\program files\trend micro
2011-02-17 17:35 . 2011-02-17 17:35   --------   d-----w-   C:\rsit
2011-02-11 04:25 . 2011-02-11 04:25   --------   d-----w-   c:\programdata\MFAData
2011-02-09 14:38 . 2010-12-18 06:11   714752   ----a-w-   c:\windows\system32\kerberos.dll
2011-02-06 20:27 . 2000-10-19 19:05   25088   ----a-w-   c:\windows\SysWow64\msxml3a.dll
2011-02-04 17:49 . 2011-02-04 17:49   --------   d-----w-   c:\users\Owner\AppData\Local\CrashDumps
2011-02-03 17:46 . 2011-02-03 17:46   --------   d-----w-   c:\program files (x86)\CouponAlert_2p
2011-01-29 04:11 . 2011-02-18 02:23   --------   d-----w-   c:\program files (x86)\Upromise
2011-01-29 04:11 . 2011-01-29 04:11   --------   d-----w-   c:\users\Owner\AppData\Roaming\upromise
2011-01-28 03:12 . 2011-01-28 03:12   --------   d-----w-   c:\users\Owner\AppData\Local\The Weather Channel
2011-01-28 03:12 . 2011-01-28 03:12   --------   d-----w-   c:\program files (x86)\The Weather Channel FW
2011-01-27 13:10 . 2011-01-27 13:10   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
2011-01-27 08:00 . 2011-01-27 08:00   --------   d-----w-   C:\de185e76be59bfa7efb3d9b418ed50
2011-01-26 20:24 . 2011-01-26 20:25   --------   d-----w-   c:\users\Owner\AppData\Roaming\Template
2011-01-25 03:43 . 2009-05-18 21:17   34152   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-25 03:43 . 2008-04-17 20:12   126312   ----a-r-   c:\windows\system32\GEARAspi64.dll
2011-01-25 03:43 . 2008-04-17 20:12   107368   ----a-r-   c:\windows\SysWow64\GEARAspi.dll
2011-01-25 03:43 . 2011-01-25 03:43   --------   d-----w-   c:\program files\Symantec
2011-01-25 03:43 . 2011-01-25 03:43   173104   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-01-25 03:43 . 2011-01-25 03:43   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2011-01-25 03:41 . 2011-02-02 21:46   --------   d-----w-   c:\windows\system32\drivers\N360x64
2011-01-25 03:41 . 2011-01-25 03:41   --------   d-----w-   c:\program files (x86)\Norton 360
2011-01-25 03:00 . 2011-01-25 03:00   --------   d-----w-   c:\users\Owner\AppData\Roaming\ConsumerSoft
2011-01-24 16:05 . 2011-01-24 16:06   --------   d-----w-   c:\program files (x86)\Windows Live Safety Center
2011-01-24 01:56 . 2011-01-24 01:56   --------   d-----w-   c:\users\Owner\AppData\Local\Avanquest North America
2011-01-21 21:22 . 2011-01-21 21:22   --------   d-----w-   c:\programdata\Cadsoft
2011-01-21 19:17 . 2011-01-21 19:17   0   ----a-w-   c:\programdata\_r_a_p_.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
2002-07-27 07:02 . 2010-10-09 03:21   153088   ------w-   c:\program files (x86)\UNWISE.EXE
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\tbSwa2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\Swag_Bucks\tbSwa2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\tbSwa2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Upromise Tray"="c:\program files (x86)\Upromise\UpromiseTray.exe" [2010-08-06 237264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TUSBSleepChargeSrv"="c:\program files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-07-21 1293624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CouponAlert_2pService;Coupon Alert Service;c:\progra~2\COUPON~2\bar\1.bin\2pbarsvc.exe

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-07-21 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2010-02-04 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-01-14 953904]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110218.003\IDSvia64.sys [2010-12-01 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-24 132656]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-09-09 943616]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15   264048   ----a-w-   c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1815848]
"ThpSrv"="c:\windows\system32\ThpSrv.exe" [2009-07-08 531520]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 497504]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 508216]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 909624]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-12 1482080]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-04 711000]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
mStart Page = hxxp://www.startsearcher.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.opinionguru.com/CopyGuardIE.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{4219427b-0228-4356-a78b-eb7668d37d07} - c:\program files (x86)\InboxDollars\Helper.dll
URLSearchHooks-{7b9f8c21-46ec-4c0b-8683-e755ef84577a} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO-{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll
BHO-{60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO-{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - c:\program files (x86)\InboxDollars\Toolbar.dll
Toolbar-Locked - (no file)
Toolbar-{47980628-3844-42AA-A0DD-E2D86BBA9600} - c:\program files (x86)\InboxDollars\Toolbar.dll
Toolbar-{3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-My Faster PC - c:\program files (x86)\consumersoft\my faster pc\mfpchelper.exe
Wow6432Node-HKLM-Run-AppleSyncNotifier - c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Wow6432Node-HKLM-Run-CouponAlert_2p Browser Plugin Loader - c:\progra~2\COUPON~2\bar\1.bin\2pbrmon.exe
Toolbar-Locked - (no file)
WebBrowser-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-HOMESTUDENTR - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-InstallShield_{0363C7DA-291C-454E-A318-570D4FC0A040} - c:\program files (x86)\InstallShield Installation Information\{0363C7DA-291C-454E-A318-570D4FC0A040}\setup.exe
AddRemove-InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A} - c:\program files (x86)\InstallShield Installation Information\{50F68032-B5B7-4513-9116-C978DBD8F27A}\setup.exe
AddRemove-InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF} - c:\program files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe
AddRemove-InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E} - c:\program files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe
AddRemove-InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38} - c:\program files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe
AddRemove-InstallShield_{DE6DBCE8-05B1-49BF-BB0F-D1C8C49FB1EA} - c:\program files (x86)\InstallShield Installation Information\{DE6DBCE8-05B1-49BF-BB0F-D1C8C49FB1EA}\setup.exe
AddRemove-InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81} - c:\program files (x86)\InstallShield Installation Information\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}\setup.exe
AddRemove-InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} - c:\program files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe
AddRemove-Office14.SingleImage - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe
AddRemove-{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE} - c:\program files (x86)\InstallShield Installation Information\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}\setup.exe
AddRemove-{1B87C40B-A60B-4EF3-9A68-706CF4B69978} - c:\program files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe
AddRemove-{3B843B38-04B1-4CE6-8888-586273E0F289} - c:\program files (x86)\InstallShield Installation Information\{3B843B38-04B1-4CE6-8888-586273E0F289}\setup.exe
AddRemove-{5E6F6CF3-BACC-4144-868C-E14622C658F3} - c:\program files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe
AddRemove-{6C5F3BDC-0A1B-4436-A696-5939629D5C31} - c:\program files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{E966C940-CC8C-4EC0-8D84-ED27AC20D53C} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1D1A4F08-2F17-475B-BA72-476CE5992FEE} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C845127-B949-4D76-A732-BCB396AD9AA5} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A004ADA8-EFD6-4CFE-849A-0C91B4C665FC} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A6D422EE-1196-45EE-B9AE-6B5B64975E8B} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C3C277D5-36E3-4B1A-926A-175B2BC019CF} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F134C2C6-30B3-4169-A325-58482B4CE6FC} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{9AEAF9CC-390B-49C0-8F7F-14092BF163B6} - c:\program files (x86)\InstallShield Installation Information\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}\setup.exe
AddRemove-{AC6569FA-6919-442A-8552-073BE69E247A} - c:\program files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
AddRemove-{DA84ECBF-4B79-47F2-B34C-95C38484C058} - c:\program files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe
AddRemove-{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F} - c:\program files (x86)\InstallShield Installation Information\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}\setup.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-02-19  15:01:42 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-19 20:01

Pre-Run: 431,835,938,816 bytes free
Post-Run: 431,654,551,552 bytes free

- - End Of File - - F0375BF4E9429CF466B079BE23A52DC2