Slow Running/Potentially Infected Computer

Started by slkohlmeier, February 17, 2011, 05:52:47 PM

slkohlmeier

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-02-19 15:13:45
Microsoft Windows 7 Home Premium 
System drive C: has 412 GB (89%) free of 465 GB
Total RAM: 3964 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:13:48 PM, on 2/19/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: FCTBPos00Pos - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll (file missing)
O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (file missing)
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: InboxDollars - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll (file missing)
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (file missing)
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] "C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://c:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.opinionguru.com/CopyGuardIE.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Coupon Alert Service (CouponAlert_2pService) - Unknown owner - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office  Source Engine (ose) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14429 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
winlogon.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll" /prefetch:1
"taskhost.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\windows\system32\Dwm.exe"
C:\windows\system32\ThpSrv.exe
C:\windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /c /a /s UserSession
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\ThpSrv.exe" /logon
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Upromise\UpromiseTray.exe"
C:\windows\system32\svchost.exe -k WindowsMobile
taskeng.exe {FD798E63-5C82-48B2-A71F-BFDF07A22122}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\windows\system32\wuauclt.exe"
notepad.exe  "C:\Users\Owner\AppData\Local\Temp\log.txt"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4948 CREDAT:71937
"C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe" -Embedding
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -Embedding
"C:\Users\Owner\Documents\Girl Scouts\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll [2010-10-26 317496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}]
Toolbar BHO - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}]
Search Assistant BHO - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL [2010-02-03 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
InboxDollars BHO - C:\Program Files (x86)\InboxDollars\Toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
Swag Bucks Toolbar - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}]
DCA BHO - C:\Program Files (x86)\Upromise\dca-bho.dll [2010-08-04 806584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA}]
Upromise TurboSaver - C:\Program Files (x86)\Upromise\upromisetoolbar.dll [2010-08-06 2055888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47980628-3844-42AA-A0DD-E2D86BBA9600} - InboxDollars - C:\Program Files (x86)\InboxDollars\Toolbar.dll []
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - Swag Bucks Toolbar - C:\Program Files (x86)\Swag_Bucks\tbSwa2.dll [2010-10-18 3908192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll []
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]
{06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - C:\Program Files (x86)\Upromise\upromisetoolbar.dll [2010-08-06 2055888]
{3462c343-be19-4143-af70-cefb56f46fc6} - Coupon Alert - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-02 165912]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-02 387608]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-09-02 365592]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-29 7982112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1815848]
"ThpSrv"=C:\windows\system32\ThpSrv.exe [2009-07-08 531520]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 497504]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 909624]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-08-11 1482080]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-08-04 711000]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-08-03 709976]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"=C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe [2009-08-06 264048]
"Upromise Tray"=C:\Program Files (x86)\Upromise\UpromiseTray.exe [2010-08-06 237264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TUSBSleepChargeSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [2009-07-02 252288]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-07-16 529256]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-07-21 1293624]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-08-27 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-13 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-19 15:01:45 ----D---- C:\windows\temp
2011-02-19 15:01:42 ----A---- C:\ComboFix.txt
2011-02-19 14:47:05 ----A---- C:\windows\zip.exe
2011-02-19 14:47:05 ----A---- C:\windows\SWSC.exe
2011-02-19 14:47:05 ----A---- C:\windows\SWREG.exe
2011-02-19 14:47:05 ----A---- C:\windows\sed.exe
2011-02-19 14:47:05 ----A---- C:\windows\PEV.exe
2011-02-19 14:47:05 ----A---- C:\windows\NIRCMD.exe
2011-02-19 14:47:05 ----A---- C:\windows\MBR.exe
2011-02-19 14:47:05 ----A---- C:\windows\grep.exe
2011-02-19 14:46:34 ----A---- C:\windows\SWXCACLS.exe
2011-02-19 14:46:31 ----D---- C:\32788R22FWJFW
2011-02-19 14:45:59 ----D---- C:\windows\ERDNT
2011-02-19 14:43:56 ----D---- C:\Qoobox
2011-02-18 12:17:48 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-02-18 12:17:29 ----D---- C:\ProgramData\Malwarebytes
2011-02-18 12:17:29 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-18 12:17:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-18 12:17:26 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-17 23:47:27 ----D---- C:\Users\Owner\AppData\Roaming\Sun
2011-02-17 22:25:47 ----D---- C:\Program Files (x86)\Adobe
2011-02-17 12:35:34 ----D---- C:\rsit
2011-02-17 12:35:34 ----D---- C:\Program Files\trend micro
2011-02-10 23:25:16 ----D---- C:\ProgramData\MFAData
2011-02-10 22:13:46 ----D---- C:\Config.Msi
2011-02-09 09:39:10 ----A---- C:\windows\system32\mshtml.dll
2011-02-09 09:39:09 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-09 09:39:07 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-09 09:39:06 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-09 09:39:06 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-09 09:39:06 ----A---- C:\windows\system32\mstime.dll
2011-02-09 09:39:06 ----A---- C:\windows\system32\msfeeds.dll
2011-02-09 09:39:06 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-09 09:39:05 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\mshtmled.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-09 09:39:05 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\licmgr10.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\iertutil.dll
2011-02-09 09:39:05 ----A---- C:\windows\system32\iepeers.dll
2011-02-09 09:38:48 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-09 09:38:48 ----A---- C:\windows\system32\kerberos.dll
2011-02-09 09:38:44 ----A---- C:\windows\system32\winsrv.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\urlmon.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\upnp.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\msxml6.dll
2011-02-09 09:38:41 ----A---- C:\windows\system32\msxml3.dll
2011-02-09 09:38:40 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-09 09:38:40 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-09 09:38:40 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-09 09:38:40 ----A---- C:\windows\system32\wininet.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-09 09:38:39 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\wscapi.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\winhttp.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\WebClnt.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\ieframe.dll
2011-02-09 09:38:39 ----A---- C:\windows\system32\davclnt.dll
2011-02-09 09:38:38 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-09 09:38:38 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-09 09:38:38 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-09 09:38:38 ----A---- C:\windows\system32\wscsvc.dll
2011-02-09 09:38:38 ----A---- C:\windows\system32\slwga.dll
2011-02-09 09:38:36 ----A---- C:\windows\system32\win32k.sys
2011-02-09 09:38:35 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-09 09:38:35 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-09 09:38:35 ----A---- C:\windows\system32\cdd.dll
2011-02-09 09:38:32 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-09 09:38:32 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-09 09:38:32 ----A---- C:\windows\system32\vbscript.dll
2011-02-09 09:38:32 ----A---- C:\windows\system32\jscript.dll
2011-02-09 09:38:31 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-09 09:38:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-09 09:38:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-09 09:38:30 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-09 09:38:30 ----A---- C:\windows\system32\ntdll.dll
2011-02-09 09:38:28 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-09 09:38:28 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-09 09:38:28 ----A---- C:\windows\system32\atmlib.dll
2011-02-09 09:38:28 ----A---- C:\windows\system32\atmfd.dll
2011-02-06 15:27:41 ----A---- C:\windows\SYSWOW64\msxml3a.dll
2011-02-03 12:46:34 ----D---- C:\Program Files (x86)\CouponAlert_2p
2011-01-28 23:11:13 ----D---- C:\Users\Owner\AppData\Roaming\upromise
2011-01-28 23:11:13 ----D---- C:\Program Files (x86)\Upromise
2011-01-27 22:12:42 ----D---- C:\Program Files (x86)\The Weather Channel FW
2011-01-27 03:00:37 ----D---- C:\de185e76be59bfa7efb3d9b418ed50
2011-01-26 15:24:12 ----D---- C:\Users\Owner\AppData\Roaming\Template
2011-01-24 22:43:33 ----RA---- C:\windows\SYSWOW64\GEARAspi.dll
2011-01-24 22:43:33 ----RA---- C:\windows\system32\GEARAspi64.dll
2011-01-24 22:43:33 ----RA---- C:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-24 22:43:18 ----D---- C:\Program Files\Symantec
2011-01-24 22:43:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-24 22:43:18 ----A---- C:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-01-24 22:41:30 ----D---- C:\windows\system32\drivers\N360x64
2011-01-24 22:41:29 ----D---- C:\Program Files (x86)\Norton 360
2011-01-24 22:00:25 ----D---- C:\Users\Owner\AppData\Roaming\ConsumerSoft
2011-01-24 11:05:59 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2011-01-21 16:22:27 ----D---- C:\ProgramData\Cadsoft
2011-01-21 14:17:31 ----A---- C:\ProgramData\_r_a_p_.tmp

======List of files/folders modified in the last 1 months======

2011-02-19 15:01:47 ----D---- C:\windows\system32\drivers
2011-02-19 15:01:45 ----AD---- C:\Windows
2011-02-19 15:00:26 ----D---- C:\windows\Tasks
2011-02-19 15:00:26 ----D---- C:\windows\system32\Tasks
2011-02-19 14:59:51 ----D---- C:\windows\system32\config
2011-02-19 14:58:10 ----D---- C:\windows\Prefetch
2011-02-19 14:56:31 ----A---- C:\windows\system.ini
2011-02-19 14:55:35 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-02-19 14:55:05 ----SHD---- C:\System Volume Information
2011-02-19 14:52:51 ----D---- C:\Program Files (x86)
2011-02-19 14:52:50 ----D---- C:\Program Files (x86)\Object
2011-02-19 14:51:06 ----D---- C:\windows\SYSWOW64\drivers
2011-02-19 14:51:06 ----D---- C:\windows\SysWOW64
2011-02-19 14:51:06 ----D---- C:\windows\AppPatch
2011-02-19 14:51:06 ----AD---- C:\windows\System32
2011-02-19 14:51:04 ----D---- C:\Program Files\Common Files
2011-02-19 14:51:04 ----D---- C:\Program Files (x86)\Common Files
2011-02-19 09:29:34 ----SHD---- C:\windows\Installer
2011-02-19 09:28:52 ----D---- C:\windows\system32\catroot2
2011-02-18 12:17:29 ----D---- C:\ProgramData
2011-02-18 00:27:13 ----D---- C:\windows\Downloaded Program Files
2011-02-18 00:25:48 ----D---- C:\windows\system32\wbem
2011-02-18 00:23:36 ----D---- C:\windows\system32\wfp
2011-02-18 00:23:34 ----D---- C:\windows\registration
2011-02-18 00:23:34 ----D---- C:\ProgramData\Norton
2011-02-17 22:29:07 ----D---- C:\windows\SYSWOW64\Macromed
2011-02-17 22:25:48 ----D---- C:\ProgramData\Adobe
2011-02-17 22:01:15 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-17 22:01:14 ----D---- C:\windows\inf
2011-02-17 21:56:16 ----D---- C:\Program Files (x86)\InboxDollars
2011-02-17 21:56:16 ----D---- C:\Program Files (x86)\Bonjour
2011-02-17 21:24:14 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-17 21:23:55 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-17 21:23:52 ----D---- C:\Program Files (x86)\Google
2011-02-17 21:23:20 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-17 21:23:20 ----D---- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-02-17 21:23:15 ----D---- C:\Program Files (x86)\Windows Media Player
2011-02-17 21:23:08 ----D---- C:\Program Files (x86)\QuickTime
2011-02-17 21:23:08 ----D---- C:\Program Files (x86)\Nova Development
2011-02-17 12:35:34 ----RD---- C:\Program Files
2011-02-17 12:19:54 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2011-02-10 10:30:05 ----D---- C:\windows\winsxs
2011-02-10 10:26:05 ----D---- C:\Program Files\Internet Explorer
2011-02-10 09:58:57 ----D---- C:\ProgramData\Microsoft Help
2011-02-10 09:56:04 ----A---- C:\windows\system32\MRT.exe
2011-02-09 09:38:08 ----D---- C:\windows\system32\catroot
2011-02-05 00:33:27 ----D---- C:\windows\Microsoft.NET
2011-02-05 00:32:36 ----RSD---- C:\windows\assembly
2011-02-04 21:55:27 ----D---- C:\windows\ShellNew
2011-02-04 21:55:15 ----RSD---- C:\windows\Fonts
2011-02-04 21:52:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-04 21:52:20 ----SD---- C:\ProgramData\Microsoft
2011-02-04 21:51:33 ----D---- C:\Program Files\Microsoft Office
2011-01-29 17:11:51 ----D---- C:\windows\system32\NDF
2011-01-28 08:06:45 ----A---- C:\windows\win.ini
2011-01-27 23:29:48 ----A---- C:\windows\QUICKEN.INI
2011-01-27 15:16:58 ----D---- C:\Program Files (x86)\NortonInstaller
2011-01-27 13:39:51 ----D---- C:\windows\system32\FxsTmp
2011-01-27 08:09:43 ----D---- C:\windows\WindowsMobile
2011-01-27 03:10:19 ----D---- C:\ProgramData\McAfee
2011-01-27 03:10:18 ----D---- C:\Program Files\McAfee
2011-01-27 03:10:18 ----D---- C:\Program Files\Common Files\McAfee
2011-01-24 16:01:16 ----D---- C:\ProgramData\Symantec
2011-01-24 12:20:05 ----D---- C:\Program Files (x86)\Windows Live
2011-01-23 20:47:46 ----D---- C:\ProgramData\Nova Development
2011-01-23 20:47:04 ----D---- C:\Users\Owner\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 214096]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2010-02-03 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-21 221232]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-01-14 953904]
R1 ccHP;Symantec Hash Provider; C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-25 615040]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-01-24 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110218.003\IDSvia64.sys [2010-12-01 476792]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS [2010-04-21 32304]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-05 451120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-07-28 81408]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-24 132656]
R3 FwLnk;FwLnk Driver; C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-08-27 7369600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2009-07-29 1966624]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2009-09-09 943616]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2011-01-24 173104]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-20 274480]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2009-06-19 1394688]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-13 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-13 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-13 79360]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110219.002\ENG64.SYS [2011-02-18 117880]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110219.002\EX64.SYS [2011-02-18 1791096]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-13 109056]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS [2010-04-21 505392]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\DRIVERS\usb8023x.sys [2009-07-13 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2010-09-28 51712]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-25 126392]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-13 27136]
R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-07-08 531520]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 488800]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-13 27136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe []
S2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CouponAlert_2pService;Coupon Alert Service; C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 932640]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE []
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-07-21 51512]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1255736]

-----------------EOF-----------------

Corrine

Hi, Stephanie. Great job. Now, let's let ComboFix clean up the remains. Please do the following, disabling Norton and Windows Defender as you did before.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below (Note the scroll bar. There is a lot to copy so be sure to get it all.):

[code]
Folder::
c:\program files (x86)\Swag_Bucks

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"=--
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"=-
[-HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
R3 - URLSearchHook: (no name) -
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} -
O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} -
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} -
O2 - BHO: FCTBPos00Pos - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} -
O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} -
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
O3 - Toolbar: InboxDollars - {47980628-3844-42AA-A0DD-E2D86BBA9600} -
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} -
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[/code]

  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

slkohlmeier

ComboFix 11-02-19.01 - Owner 02/19/2011  16:39:28.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3964.2735 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2011-01-19 to 2011-02-19  )))))))))))))))))))))))))))))))
.

2011-02-19 21:43 . 2011-02-19 21:43   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-02-18 17:17 . 2011-02-18 17:17   --------   d-----w-   c:\users\Owner\AppData\Roaming\Malwarebytes
2011-02-18 17:17 . 2011-02-18 17:17   --------   d-----w-   c:\programdata\Malwarebytes
2011-02-18 17:17 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-18 17:17 . 2011-02-18 17:17   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-18 17:17 . 2010-12-20 23:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-18 03:25 . 2011-02-18 03:25   --------   d-----w-   c:\program files (x86)\Common Files\Adobe
2011-02-17 17:35 . 2011-02-19 20:13   --------   d-----w-   c:\program files\trend micro
2011-02-17 17:35 . 2011-02-17 17:35   --------   d-----w-   C:\rsit
2011-02-11 04:25 . 2011-02-11 04:25   --------   d-----w-   c:\programdata\MFAData
2011-02-09 14:38 . 2010-12-18 06:11   714752   ----a-w-   c:\windows\system32\kerberos.dll
2011-02-06 20:27 . 2000-10-19 19:05   25088   ----a-w-   c:\windows\SysWow64\msxml3a.dll
2011-02-04 17:49 . 2011-02-04 17:49   --------   d-----w-   c:\users\Owner\AppData\Local\CrashDumps
2011-02-03 17:46 . 2011-02-03 17:46   --------   d-----w-   c:\program files (x86)\CouponAlert_2p
2011-01-29 04:11 . 2011-02-18 02:23   --------   d-----w-   c:\program files (x86)\Upromise
2011-01-29 04:11 . 2011-01-29 04:11   --------   d-----w-   c:\users\Owner\AppData\Roaming\upromise
2011-01-28 03:12 . 2011-01-28 03:12   --------   d-----w-   c:\users\Owner\AppData\Local\The Weather Channel
2011-01-28 03:12 . 2011-01-28 03:12   --------   d-----w-   c:\program files (x86)\The Weather Channel FW
2011-01-27 13:10 . 2011-01-27 13:10   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
2011-01-27 08:00 . 2011-01-27 08:00   --------   d-----w-   C:\de185e76be59bfa7efb3d9b418ed50
2011-01-26 20:24 . 2011-01-26 20:25   --------   d-----w-   c:\users\Owner\AppData\Roaming\Template
2011-01-25 03:43 . 2009-05-18 21:17   34152   ----a-r-   c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-25 03:43 . 2008-04-17 20:12   126312   ----a-r-   c:\windows\system32\GEARAspi64.dll
2011-01-25 03:43 . 2008-04-17 20:12   107368   ----a-r-   c:\windows\SysWow64\GEARAspi.dll
2011-01-25 03:43 . 2011-01-25 03:43   --------   d-----w-   c:\program files\Symantec
2011-01-25 03:43 . 2011-01-25 03:43   173104   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-01-25 03:43 . 2011-01-25 03:43   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2011-01-25 03:41 . 2011-02-02 21:46   --------   d-----w-   c:\windows\system32\drivers\N360x64
2011-01-25 03:41 . 2011-01-25 03:41   --------   d-----w-   c:\program files (x86)\Norton 360
2011-01-25 03:00 . 2011-01-25 03:00   --------   d-----w-   c:\users\Owner\AppData\Roaming\ConsumerSoft
2011-01-24 16:05 . 2011-01-24 16:06   --------   d-----w-   c:\program files (x86)\Windows Live Safety Center
2011-01-24 01:56 . 2011-01-24 01:56   --------   d-----w-   c:\users\Owner\AppData\Local\Avanquest North America
2011-01-21 21:22 . 2011-01-21 21:22   --------   d-----w-   c:\programdata\Cadsoft
2011-01-21 19:17 . 2011-01-21 19:17   0   ----a-w-   c:\programdata\_r_a_p_.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
2002-07-27 07:02 . 2010-10-09 03:21   153088   ------w-   c:\program files (x86)\UNWISE.EXE
.

(((((((((((((((((((((((((((((   SnapShot@2011-02-19_19.56.30   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-02-19 21:47   49868              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-19 19:57   49868              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-29 14:48 . 2011-02-19 21:47   13264              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1123536799-2189535732-3961697104-1000_UserData.bin
- 2009-12-05 01:04 . 2011-02-19 19:56   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-05 01:04 . 2011-02-19 21:46   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-05 01:04 . 2011-02-19 21:46   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-05 01:04 . 2011-02-19 19:56   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-05 01:04 . 2011-02-19 21:46   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-05 01:04 . 2011-02-19 19:56   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-29 12:54 . 2011-02-19 19:56   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-29 12:54 . 2011-02-19 21:46   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 12:54 . 2011-02-19 19:56   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 12:54 . 2011-02-19 21:46   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-19 21:45 . 2011-02-19 21:45   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-19 19:55 . 2011-02-19 19:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-19 19:55 . 2011-02-19 19:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-19 21:45 . 2011-02-19 21:45   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-02-19 19:53   404396              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-19 21:43   404396              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-02-19 20:10   10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-02-19 14:39   10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3462c343-be19-4143-af70-cefb56f46fc6}"= "c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{3462c343-be19-4143-af70-cefb56f46fc6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Upromise Tray"="c:\program files (x86)\Upromise\UpromiseTray.exe" [2010-08-06 237264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TUSBSleepChargeSrv"="c:\program files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-07-21 1293624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CouponAlert_2pService;Coupon Alert Service;c:\progra~2\COUPON~2\bar\1.bin\2pbarsvc.exe

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-07-21 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2010-02-04 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-01-14 953904]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110218.003\IDSvia64.sys [2010-12-01 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-24 132656]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-09-09 943616]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15   264048   ----a-w-   c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1815848]
    "ThpSrv"="c:\windows\system32\ThpSrv.exe" [2009-07-08 531520]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 497504]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 508216]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 909624]
    "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-12 1482080]
    "TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-04 711000]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
    mStart Page = hxxp://www.startsearcher.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
    DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.opinionguru.com/CopyGuardIE.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-19  16:51:32 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-02-19 21:51
    ComboFix2.txt  2011-02-19 20:01

    Pre-Run: 431,480,016,896 bytes free
    Post-Run: 431,425,830,912 bytes free

    - - End Of File - - 7D00666BA2B5E5B7A024220EF981F62D

Corrine

Hi, Stephanie. 

Once again, great job! Now, let's tie up loose ends.

1.  You can start by deleting "SecurityCheck" that you downloaded previously.  It won't be needed any longer.  Now that you have Malwarebytes installed, I suggest updating and doing a fresh scan every week or so.  You can keep TFC if you wish and run it periodically.  It does a great job at cleaning out temp files.

2.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


3.  See if you can install Java now.  Be sure to select the Windows x64 version:  https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u24-oth-JPR@CDS-CDS_Developer

4.  After you updated Adobe Reader, you mentioned Shockwave being outdated.  Yes, if you need Shockwave installed on your computer, you should update it.  That said, I don't recall ever needing it installed on any of my computers. 

5.  You had asked about antivirus software.  If you want a licensed software suite, my favorite is ESET Smart Security.  However, if you are looking for an antivirus software that is free for personal use, my favorite is Microsoft Security Essentials (MSE).  In my opinion, MSE, combined with the Windows 7 Firewall, provides an excellent combination. 

Notes:  If you elect to replace the Norton trial rather than paying for a license, you will need to do the following:

  • Disable Norton as you did when you ran ComboFix.
  • Start the Windows 7 Firewall.  Simply type firewall in the search box or go to Control Panel > All Control Panel Items > Action Center > Security.
  • Uninstall Norton, then download and run the Norton Removal Tool to remove your Norton 2006 product or later version.
  • Download and install the antivirus software you wish to use.  (If you select MSE, it will automatically disable Windows Defender because MSE incorporates the Windows Defender anti-spyware engine.)

If you would rather a different antivirus software program instead of MSE, the following are other programs that are free for personal use that you might consider:

avast! 5 Home Edition
Avira AntiVir PersonalEdition Classic

6.  Having a firewall, anti-virus and anti-malware software is not enough.  You also need to stay current with security updates.  If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now.  For additional information, see my blog post Understanding Microsoft Updates.

7.  To check if your system is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

8.  Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

9.  My favorite security software is WinPatrol which includes some of the features described at http://www.winpatrol.com/features.html and more.

Please let me know if you have any questions.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.