System Tool 2011

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

System Tool 201131st December 2010, 11:18 pm

There is a rogue Anti-Spyware program called 'System Tool 2011' that will not allow me to open applications. It won't let me run OTL or rkill. Also, it has modified by desktop background to random warnings that my system is 'unprotected'. And, of course, it has pop ups that attempt to direct me to purchase its software, opening a credit card information page that looks like a real purchase, but is clearly a scam.

I need to be able to run OTL. Can somebody please help me?

Re: System Tool 20111st January 2011, 12:56 am

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

Place a blank CD-R disc in to your CD burning drive.
Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings

Change Drivers to Non-Microsoft
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\_OTL\MovedFiles
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
System Tool 2011 DXwU4

Re: System Tool 20111st January 2011, 6:06 pm

Sorry, but the disk boot isn't working. Even if I select for it to boot up with the disk and EVEN IF I set up the disk as the priority for booting, it completely ignores the disk as if it isn't even there, and starts up regularly, back to System Tool 2011's new computer (the one I apparently used to own).

So, I need some kind of instructions or something on how to boot using a disk, because the link you provided offered no help.

I don't know if you need this information or not.. but my computer is a Toshiba laptop from 2010 and it displays a Toshiba bios upon booting it. It also says 'F2 for Setup Utilities' and 'F12 for Boot Manager'. HOWEVER, in Setup Utilities, I already placed the disk as the priority for bootin. AND, in Boot Manager, I can highlight for the computer to boot from disk, but after pressing enter to activate CD booting, it just starts up normally, like nothing ever happened.. like the CD doesn't exist.

Re: System Tool 20111st January 2011, 10:03 pm

Disregard that last post. I was able to boot up my computer using the disk after burning it on safe mode.

BUT...

I got the blue screen of death *right after* the 'Windows XP' logo from the disk appeared to be loading.

The message on the blue screen of death basically says that it is shutting down windows to prevent damage to the computer.

So, I can't execute files AND the disk bootup is being prevented..

Re: System Tool 20111st January 2011, 10:38 pm

Ok.. I booted my computer normally, logged in, and then opened up the task manager as quickly as possible using CTRL+Shift+ESC. Once it was opened, I looked for a process with a ridiculous name, so that I could close it out before it started. Surely enough, I found a process with a ridiculous name. Well, after ending the process, my startup resumed and System Tool 2011 wasn't running anymore.

NEXT, I used Old Timer, rebooted again. After using Old Timer and rebooting, an error message appeared upon startup about being unable to open a certain dll file (probably something System Tool 2011 needs to open in order to function properly).

That wasn't all I did...

I *then* ran the newest version of Malwarbytes with a Quick Scan. After the scan was finished, it had found 28 infections, so I clicked "Remove". It got rid of those 28 infections and prompted me to reboot, so I rebooted.

Now, here I am, finally able to use my computer again. Momentarily, I will be posting an OTL log.

Re: System Tool 20111st January 2011, 10:53 pm

OTL logfile created on: 1/1/2011 4:42:41 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Jeff Branhan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 158.78 Gb Free Space | 55.41% Space Free | Partition Type: NTFS

Computer Name: JEFFBRANHAN-PC | User Name: Jeff Branhan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 11:45:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\OTL.com
PRC - [2010/12/29 00:12:16 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/09/24 18:20:30 | 000,115,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/03 23:12:28 | 000,730,736 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
PRC - [2010/04/08 15:03:10 | 000,214,480 | ---- | M] () -- C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
PRC - [2010/03/23 19:09:25 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/02/24 02:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/12/09 03:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
PRC - [2009/11/02 18:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2009/04/29 19:27:30 | 001,706,496 | ---- | M] (NetZero, Inc.) -- C:\Program Files (x86)\NetZero\exec.exe

========== Modules (SafeList) ==========

MOD - [2010/12/29 11:45:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\OTL.com
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/15 10:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/25 20:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/12 10:58:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/24 18:20:30 | 000,115,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 03:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)
SRV - [2009/12/03 20:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/15 11:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 10:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 19:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/08 22:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/01 14:45:52 | 000,717,880 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/12/03 00:08:32 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/03 00:08:32 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/02 14:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 12:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/03/07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2006/06/18 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/12/09 03:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\EX64.SYS -- (NAVEX15)
DRV - [2009/12/09 03:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\ENG64.SYS -- (NAVENG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AF1204B5-E0E4-4419-93D8-53762C686B8D}:1.9.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 11:17:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/11 11:17:13 | 000,000,000 | ---D | M]

[2010/09/26 15:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff Branhan\AppData\Roaming\Mozilla\Extensions
[2010/12/31 17:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff Branhan\AppData\Roaming\Mozilla\Firefox\Profiles\tipk8wz8.default\extensions
[2010/09/26 16:30:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jeff Branhan\AppData\Roaming\Mozilla\Firefox\Profiles\tipk8wz8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/26 15:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/19 16:16:10 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JEFF BRANHAN\APPDATA\LOCAL\{AF1204B5-E0E4-4419-93D8-53762C686B8D}

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe File not found
O4 - HKCU..\Run: [dvdusmon] C:\Users\JEFFBR~1\AppData\Local\Temp\fonttion.DLL File not found
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe (NetZero, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Jeff Branhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Display All Images with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8:64bit: - Extra context menu item: Display Image with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{939BA228-19B1-4739-894E-21DA6C230C15} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 16:23:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Roaming\Malwarebytes
[2011/01/01 16:23:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/01 16:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/01 16:23:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/01/01 16:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/01 16:17:31 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeff Branhan\Desktop\mbam-setup.exe
[2011/01/01 16:15:57 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\TFC.exe
[2010/12/31 19:06:50 | 098,217,771 | ---- | C] (Igor Pavlov) -- C:\Users\Jeff Branhan\Desktop\OTLPEStd.exe
[2010/12/31 17:03:25 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\OTL.com
[2010/12/31 16:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\iPnKd06300
[2010/12/27 23:39:30 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\Synfig
[2010/12/27 23:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synfig
[2010/12/27 23:13:39 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Roaming\Acapela Group
[2010/12/27 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Local\Xtranormal
[2010/12/27 23:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xtranormal
[2010/12/27 23:06:52 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Roaming\Xtranormal
[2010/12/24 06:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\Desktop\Virtual Dub Mod
[2010/12/24 06:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/12/20 14:36:05 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\Documents\Dungeons and Dragons Online
[2010/12/19 19:16:28 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\Desktop\Tibia Auto Crap
[2010/12/19 19:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto2
[2010/12/16 07:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Local\Turbine
[2010/12/16 07:34:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2010/12/16 07:34:22 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2010/12/16 07:33:43 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Local\ApplicationHistory
[2010/12/16 07:31:35 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP
[2010/12/16 07:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2010/12/16 00:21:56 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\Desktop\DDO High Res Install Files
[2010/12/16 00:21:29 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Local\PMB Files
[2010/12/16 00:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/12/16 00:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/12/15 20:28:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2010/12/15 20:28:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeeds.dll
[2010/12/15 20:28:49 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2010/12/15 20:28:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2010/12/15 20:28:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2010/12/15 20:28:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2010/12/15 20:28:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2010/12/15 20:28:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2010/12/15 20:28:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2010/12/15 20:28:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2010/12/15 20:28:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2010/12/15 20:28:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2010/12/15 20:28:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2010/12/15 20:28:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2010/12/15 20:26:46 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskschd.dll
[2010/12/15 20:26:46 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskeng.exe
[2010/12/15 20:26:45 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmicmiplugin.dll
[2010/12/15 20:26:45 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskschd.dll
[2010/12/15 20:26:45 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskcomp.dll
[2010/12/15 20:26:45 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskcomp.dll
[2010/12/15 20:26:45 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\schtasks.exe
[2010/12/15 20:26:45 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\schtasks.exe
[2010/12/15 20:01:20 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2010/12/15 20:01:20 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2010/12/15 20:01:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2010/12/15 20:01:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2010/12/15 20:01:06 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2010/12/15 20:01:06 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2010/12/15 19:59:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2010/12/13 01:16:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\AppData\Roaming\Remere's Map Editor
[2010/12/13 01:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remere's Map Editor
[2010/12/11 16:30:32 | 000,000,000 | ---D | C] -- C:\Users\Jeff Branhan\Desktop\Perfect Desires
[2010/12/08 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia

Re: System Tool 20111st January 2011, 10:54 pm

========== Files - Modified Within 30 Days ==========

[2011/01/01 16:40:49 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/01 16:40:49 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/01 16:37:59 | 000,739,790 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/01/01 16:37:59 | 000,632,946 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/01/01 16:37:59 | 000,110,548 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/01/01 16:33:45 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/01 16:33:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/01 16:33:27 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/01 16:23:37 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/01 16:17:33 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeff Branhan\Desktop\mbam-setup.exe
[2011/01/01 16:16:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\TFC.exe
[2011/01/01 15:57:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/31 19:06:57 | 098,217,771 | ---- | M] (Igor Pavlov) -- C:\Users\Jeff Branhan\Desktop\OTLPEStd.exe
[2010/12/31 18:30:24 | 000,883,766 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Read This Before Posting.mht
[2010/12/29 11:45:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\OTL.com
[2010/12/28 12:40:20 | 000,008,486 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Normal Victory.mid
[2010/12/28 01:40:30 | 000,171,839 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\The Quieting.mid
[2010/12/28 01:37:21 | 000,363,286 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Her Happy Place.mid
[2010/12/27 23:38:29 | 000,000,051 | ---- | M] () -- C:\Users\Jeff Branhan\.gtkrc-2.0
[2010/12/27 23:07:16 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\State.lnk
[2010/12/27 02:15:30 | 000,172,179 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Final Fantasy VIII - The Castle.MUS
[2010/12/27 02:12:26 | 000,172,183 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Testing....bak
[2010/12/27 02:12:26 | 000,172,183 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Final Fantasy VIII - The Castle.bak
[2010/12/25 19:13:25 | 000,049,005 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\One Night Stand (rec).mid
[2010/12/25 19:03:24 | 000,009,260 | ---- | M] () -- C:\Users\Jeff Branhan\AppData\Roaming\wklnhst.dat
[2010/12/25 19:02:03 | 000,036,693 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Don't Run To Me.mid
[2010/12/25 09:27:26 | 000,000,718 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Cyanide.mid
[2010/12/24 06:25:31 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/12/24 01:56:43 | 000,792,876 | ---- | M] () -- C:\Users\Jeff Branhan\Documents\tibiaAuto.cfg.Level 28+ Paladin Edron Goblins.xml
[2010/12/23 21:44:39 | 000,140,483 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Fighting.MUS
[2010/12/23 21:44:39 | 000,140,483 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Dark Waltz.MUS
[2010/12/23 21:44:39 | 000,140,483 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Dark Waltz.bak
[2010/12/22 19:17:30 | 000,003,064 | ---- | M] () -- C:\Users\Jeff Branhan\Documents\Character Profiles.rtf
[2010/12/22 13:41:12 | 000,780,283 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\rkill.com
[2010/12/21 15:20:29 | 001,477,125 | ---- | M] () -- C:\Users\Jeff Branhan\Documents\tibiaAuto.cfg.Trevor Perkins LB Rots.xml
[2010/12/20 20:33:41 | 000,122,570 | ---- | M] () -- C:\Users\Jeff Branhan\Documents\tibiaAuto.cfg.Level 20+ Pally Edron Goblin Training.xml
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/12/19 22:07:24 | 000,049,074 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\One Night Stand d2.mid
[2010/12/19 19:24:29 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010/12/19 19:18:25 | 000,001,921 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Tibia Auto.lnk
[2010/12/16 07:35:23 | 000,000,100 | ---- | M] () -- C:\Users\Jeff Branhan\AppData\Local\fusioncache.dat
[2010/12/16 07:33:24 | 000,756,022 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/16 07:31:45 | 000,013,490 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Attention Crazy.mid
[2010/12/16 03:24:43 | 000,361,536 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/12/13 01:16:45 | 000,002,601 | ---- | M] () -- C:\Users\Public\Desktop\Remere's Map Editor.lnk
[2010/12/13 01:15:09 | 004,378,112 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\RME-win-2.1.msi
[2010/12/11 15:04:14 | 000,005,172 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\World of Hunting Design.rtf
[2010/12/11 14:31:49 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/12/08 23:22:17 | 000,001,105 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Trevor's Hunting Stats.rtf
[2010/12/08 16:44:56 | 003,696,456 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\TibiaAutoSetup_2_8_0.exe
[2010/12/08 16:41:20 | 000,343,822 | ---- | M] () -- C:\ProgramData\Tibia_dat.bak
[2010/12/04 17:57:53 | 000,159,737 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Demolished Blueprints.mus
[2010/12/04 17:30:41 | 000,159,820 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\Demolished Blueprints.bak

========== Files Created - No Company Name ==========

[2011/01/01 16:23:37 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/31 18:30:19 | 000,883,766 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Read This Before Posting.mht
[2010/12/31 17:12:07 | 000,780,283 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\rkill.com
[2010/12/28 12:43:07 | 000,140,483 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Fighting.MUS
[2010/12/28 12:40:19 | 000,008,486 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Normal Victory.mid
[2010/12/28 01:39:13 | 000,171,839 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\The Quieting.mid
[2010/12/28 01:37:19 | 000,363,286 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Her Happy Place.mid
[2010/12/27 23:38:29 | 000,000,051 | ---- | C] () -- C:\Users\Jeff Branhan\.gtkrc-2.0
[2010/12/27 23:36:19 | 029,984,856 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\synfigstudio-0.62.02.exe
[2010/12/27 23:07:16 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\State.lnk
[2010/12/27 23:02:40 | 131,788,800 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\StatePackage.exe
[2010/12/27 01:29:01 | 000,172,183 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Testing....bak
[2010/12/27 01:29:01 | 000,172,183 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Final Fantasy VIII - The Castle.bak
[2010/12/27 01:29:01 | 000,172,179 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Final Fantasy VIII - The Castle.MUS
[2010/12/25 19:11:42 | 000,049,005 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\One Night Stand (rec).mid
[2010/12/25 19:02:02 | 000,036,693 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Don't Run To Me.mid
[2010/12/25 09:27:26 | 000,000,718 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Cyanide.mid
[2010/12/24 06:25:31 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/12/24 01:56:40 | 000,792,876 | ---- | C] () -- C:\Users\Jeff Branhan\Documents\tibiaAuto.cfg.Level 28+ Paladin Edron Goblins.xml
[2010/12/23 21:10:10 | 000,140,483 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Dark Waltz.MUS
[2010/12/23 21:10:10 | 000,140,483 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Dark Waltz.bak
[2010/12/21 15:20:28 | 001,477,125 | ---- | C] () -- C:\Users\Jeff Branhan\Documents\tibiaAuto.cfg.Trevor Perkins LB Rots.xml
[2010/12/21 00:25:08 | 000,003,064 | ---- | C] () -- C:\Users\Jeff Branhan\Documents\Character Profiles.rtf
[2010/12/20 20:33:39 | 000,122,570 | ---- | C] () -- C:\Users\Jeff Branhan\Documents\tibiaAuto.cfg.Level 20+ Pally Edron Goblin Training.xml
[2010/12/19 21:54:59 | 000,049,074 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\One Night Stand d2.mid
[2010/12/19 19:14:35 | 003,696,456 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\TibiaAutoSetup_2_8_0.exe
[2010/12/16 07:35:23 | 000,000,100 | ---- | C] () -- C:\Users\Jeff Branhan\AppData\Local\fusioncache.dat
[2010/12/16 07:32:10 | 000,756,022 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/14 19:15:09 | 000,013,490 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Attention Crazy.mid
[2010/12/13 01:16:45 | 000,002,601 | ---- | C] () -- C:\Users\Public\Desktop\Remere's Map Editor.lnk
[2010/12/13 01:15:09 | 004,378,112 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\RME-win-2.1.msi
[2010/12/11 14:36:10 | 000,005,172 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\World of Hunting Design.rtf
[2010/12/08 20:53:49 | 000,001,105 | ---- | C] () -- C:\Users\Jeff Branhan\Desktop\Trevor's Hunting Stats.rtf
[2010/12/08 16:41:20 | 000,343,822 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2010/09/19 16:16:17 | 000,000,120 | ---- | C] () -- C:\Users\Jeff Branhan\AppData\Local\Esilucowoziqip.dat
[2010/09/19 16:16:17 | 000,000,000 | ---- | C] () -- C:\Users\Jeff Branhan\AppData\Local\Nwusev.bin
[2010/08/14 00:51:19 | 000,009,260 | ---- | C] () -- C:\Users\Jeff Branhan\AppData\Roaming\wklnhst.dat
[2010/06/14 20:11:58 | 000,000,054 | ---- | C] () -- C:\windows\Composer.INI
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/13 11:53:45 | 000,000,221 | -HS- | M] () -- C:\Users\Jeff Branhan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/08/22 22:38:00 | 007,658,952 | ---- | M] (DT Soft Ltd.) -- C:\Users\Jeff Branhan\Desktop\daemon4304-lite.exe
[2011/01/01 16:17:33 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeff Branhan\Desktop\mbam-setup.exe
[2010/12/31 19:06:57 | 098,217,771 | ---- | M] (Igor Pavlov) -- C:\Users\Jeff Branhan\Desktop\OTLPEStd.exe
[2010/04/23 11:01:20 | 131,788,800 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\StatePackage.exe
[2010/11/20 22:43:43 | 029,984,856 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\synfigstudio-0.62.02.exe
[2011/01/01 16:16:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff Branhan\Desktop\TFC.exe
[2010/11/04 22:41:41 | 003,681,450 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\TibiaAutoSetup_2_7_2.exe
[2010/12/08 16:44:56 | 003,696,456 | ---- | M] () -- C:\Users\Jeff Branhan\Desktop\TibiaAutoSetup_2_8_0.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/11 11:17:11 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2010/12/11 11:17:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2010/12/11 11:17:12 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2010/12/11 11:17:12 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 18:34:29 | 000,000,402 | -HS- | M] () -- C:\Users\Jeff Branhan\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/08 16:41:20 | 000,343,822 | ---- | M] () -- C:\ProgramData\Tibia_dat.bak

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 19:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 19:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/23 18:42:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/09/26 19:18:48 | 000,000,975 | ---- | M] () -- C:\deltaStartup.log
[2011/01/01 16:33:27 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/01 16:33:29 | 4021,182,464 | -HS- | M] () -- C:\pagefile.sys
[2010/06/03 23:06:21 | 000,000,047 | ---- | M] () -- C:\Status.log

< %PROGRAMFILES%\*. >
[2010/06/26 08:34:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2010/09/19 16:32:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2010/03/23 19:08:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/06/13 11:41:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/27 20:38:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Asprate
[2010/06/03 22:56:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/07/09 19:55:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bethesda Softworks
[2010/07/25 14:25:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/12/24 06:25:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CamStudio
[2010/06/03 23:01:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2010/08/06 17:40:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/06/03 23:12:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2010/09/19 14:07:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Delta
[2010/07/18 15:16:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo II
[2010/06/20 04:46:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Direct MIDI to MP3 Converter
[2010/06/13 12:49:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Finale NotePad 2010
[2010/06/13 16:46:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/07/09 19:55:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/12/16 07:33:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/06/03 23:19:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
[2010/07/25 14:28:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iPod
[2010/07/25 14:28:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/03/23 19:05:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/01/01 16:23:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/23 19:12:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/11/16 03:01:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/06/03 22:45:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/06/03 22:53:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/09/29 18:08:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/03/23 19:12:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/12/16 03:04:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/26 02:01:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/12/11 11:17:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/03/23 18:08:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/13 17:29:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MySpace
[2010/06/03 23:03:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Netwaiting
[2010/10/13 15:31:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetZero
[2010/06/03 23:13:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2010/06/03 23:20:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton PC Checkup
[2010/06/03 23:20:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/06/14 20:11:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Notation
[2010/12/16 00:21:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2010/06/13 11:49:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PdaNet for iPhone
[2010/10/03 14:05:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\psx emulation cheater
[2010/07/25 14:27:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/06/03 22:59:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2010/06/03 23:01:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek WLAN Driver
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/12/13 01:16:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Remere's Map Editor
[2010/09/05 12:12:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\sfArk
[2010/10/01 21:15:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
[2011/01/01 16:34:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010/12/27 23:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Synfig
[2010/12/19 19:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia
[2010/12/19 19:18:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia Auto
[2010/12/19 19:17:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia Auto2
[2010/11/11 01:08:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia before
[2010/11/22 20:57:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia76
[2010/06/12 20:02:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA
[2010/06/03 23:21:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Corporation
[2010/06/03 23:19:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Games
[2010/06/03 23:20:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toshiba Online Backup
[2010/12/16 07:17:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Turbine
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/03/23 19:13:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/03/23 19:11:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/12/16 03:23:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/24 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 23:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/09/29 22:02:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\XBCD
[2010/12/27 23:07:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xtranormal

< %appdata%\*.* >
[2010/12/25 19:03:24 | 000,009,260 | ---- | M] () -- C:\Users\Jeff Branhan\AppData\Roaming\wklnhst.dat

< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Re: System Tool 20111st January 2011, 10:54 pm

OTL Extras logfile created on: 1/1/2011 4:42:41 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Jeff Branhan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 158.78 Gb Free Space | 55.41% Space Free | Partition Type: NTFS

Computer Name: JEFFBRANHAN-PC | User Name: Jeff Branhan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E7F45C94-1D8C-4652-A290-AD73F1E35760}" = SmartFTP Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{8EC4F64D-92E4-4274-9495-4C887D49DEC3}" = Xtranormal State
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9CBEAEF3-C6BA-4F0F-8DC2-03B12BC8CF2F}" = Remere's Map Editor
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D28CB048-A0AB-4F98-909F-69F3F25AA87D}" = Xtranormal State - Showpak-Playgoz-Preview
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF53DD60-C4E2-11DB-3D6C-167690F54AE1}" = Notation Composer 2.6 (Trial Version)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CamStudio" = CamStudio
"Diablo II" = Diablo II
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter version 6.2.2.46
"Finale NotePad 2010" = Finale NotePad 2010
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MySpaceIM" = MySpaceIM
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"PdaNet_is1" = PdaNet Desktop (64 bit) for iPhone 1.54
"sfArk" = sfArk
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"synfigstudio" = Synfig Studio
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT083969" = Virtual Families
"WT084018" = FATE - The Traitor Soul
"XBCD" = XBCD 1.07

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2010 7:05:57 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 12/27/2010 7:05:59 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/27/2010 7:05:59 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059

Error - 12/27/2010 7:05:59 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059

Error - 12/27/2010 7:06:00 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/27/2010 7:06:00 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3151

Error - 12/27/2010 7:06:00 AM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3151

Error - 12/27/2010 2:06:28 PM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/27/2010 2:06:29 PM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25231991

Error - 12/27/2010 2:06:29 PM | Computer Name = JeffBranhan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25231991

[ Media Center Events ]
Error - 10/19/2010 6:52:29 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 5:52:29 PM - Error connecting to the internet. 5:52:29 PM - Unable
to contact server..

Error - 10/19/2010 6:52:43 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 5:52:34 PM - Error connecting to the internet. 5:52:34 PM - Unable
to contact server..

Error - 10/20/2010 11:36:49 AM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 10:36:49 AM - Error connecting to the internet. 10:36:49 AM - Unable
to contact server..

Error - 10/20/2010 11:36:56 AM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 10:36:54 AM - Error connecting to the internet. 10:36:54 AM - Unable
to contact server..

Error - 10/20/2010 3:43:25 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 2:43:25 PM - Error connecting to the internet. 2:43:25 PM - Unable
to contact server..

Error - 10/20/2010 3:43:38 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 2:43:30 PM - Error connecting to the internet. 2:43:31 PM - Unable
to contact server..

Error - 10/21/2010 11:05:22 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 10:05:21 PM - Error connecting to the internet. 10:05:21 PM - Unable
to contact server..

Error - 10/21/2010 11:05:36 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 10:05:27 PM - Error connecting to the internet. 10:05:27 PM - Unable
to contact server..

Error - 10/24/2010 5:59:38 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 4:59:37 PM - Error connecting to the internet. 4:59:38 PM - Unable
to contact server..

Error - 10/24/2010 6:00:32 PM | Computer Name = JeffBranhan-PC | Source = MCUpdate | ID = 0
Description = 5:00:18 PM - Error connecting to the internet. 5:00:18 PM - Unable
to contact server..

[ System Events ]
Error - 10/21/2010 4:48:40 PM | Computer Name = JeffBranhan-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/21/2010 4:48:41 PM | Computer Name = JeffBranhan-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/21/2010 4:48:41 PM | Computer Name = JeffBranhan-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/21/2010 4:48:42 PM | Computer Name = JeffBranhan-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/24/2010 12:13:20 AM | Computer Name = JeffBranhan-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{15F25F40-328F-4281-B530-6E58F7392CEA}
because another computer on the network has the same name. The server could not
start.

Error - 10/24/2010 6:03:23 PM | Computer Name = JeffBranhan-PC | Source = bowser | ID = 8003
Description =

Error - 10/24/2010 6:15:32 PM | Computer Name = JeffBranhan-PC | Source = bowser | ID = 8003
Description =

Error - 10/27/2010 12:15:05 AM | Computer Name = JeffBranhan-PC | Source = DCOM | ID = 10010
Description =

Error - 10/27/2010 12:15:05 AM | Computer Name = JeffBranhan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2388210).

Error - 11/20/2010 3:35:12 PM | Computer Name = JeffBranhan-PC | Source = BugCheck | ID = 1001
Description =

< End of report >

Re: System Tool 20112nd January 2011, 1:01 am

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: System Tool 20112nd January 2011, 2:35 am

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5440

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/1/2011 8:35:04 PM
mbam-log-2011-01-01 (20-35-04).txt

Scan type: Quick scan
Objects scanned: 159868
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: System Tool 20113rd January 2011, 1:49 am

Hello.

Please download ComboFix System Tool 2011 Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: System Tool 20113rd January 2011, 6:16 am

ComboFix 11-01-02.03 - Jeff Branhan 01/03/2011 0:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2509 [GMT -6:00]
Running from: c:\users\Jeff Branhan\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\iPnKd06300
c:\programdata\iPnKd06300\iPnKd06300
c:\programdata\iPnKd06300\iPnKd06300.exe
c:\users\Jeff Branhan\AppData\Local\{AF1204B5-E0E4-4419-93D8-53762C686B8D}
c:\users\Jeff Branhan\AppData\Local\{AF1204B5-E0E4-4419-93D8-53762C686B8D}\chrome.manifest
c:\users\Jeff Branhan\AppData\Local\{AF1204B5-E0E4-4419-93D8-53762C686B8D}\chrome\content\_cfg.js
c:\users\Jeff Branhan\AppData\Local\{AF1204B5-E0E4-4419-93D8-53762C686B8D}\chrome\content\overlay.xul
c:\users\Jeff Branhan\AppData\Local\{AF1204B5-E0E4-4419-93D8-53762C686B8D}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 06:08 . 2011-01-03 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-03 04:33 . 2011-01-03 04:33 -------- d-----w- c:\windows\en
2011-01-03 04:31 . 2011-01-03 04:31 -------- d-----w- c:\program files\Windows Live
2011-01-03 04:30 . 2011-01-03 04:30 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-01-03 04:30 . 2011-01-03 04:30 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-01-03 04:30 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-03 04:30 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-01-03 04:29 . 2011-01-03 04:29 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c8ddc3d71cbaafe2d\InstallManager_WLE_WLE.exe
2011-01-03 04:28 . 2011-01-03 04:28 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bae40f9f1cbaafe22\MeshBetaRemover.exe
2011-01-03 04:28 . 2011-01-03 04:28 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\adb24efd1cbaafe1a\DSETUP.dll
2011-01-03 04:28 . 2011-01-03 04:28 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\adb24efd1cbaafe1a\DXSETUP.exe
2011-01-03 04:28 . 2011-01-03 04:28 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\adb24efd1cbaafe1a\dsetup32.dll
2011-01-03 04:28 . 2011-01-03 04:28 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\acea5b661cbaafe19\DSETUP.dll
2011-01-03 04:28 . 2011-01-03 04:28 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\acea5b661cbaafe19\DXSETUP.exe
2011-01-03 04:28 . 2011-01-03 04:28 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\acea5b661cbaafe19\dsetup32.dll
2011-01-03 04:27 . 2011-01-03 04:27 -------- d-----w- c:\users\Jeff Branhan\AppData\Local\Windows Live
2011-01-03 04:27 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-01-03 04:27 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-03 04:27 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-01 22:23 . 2011-01-01 22:23 -------- d-----w- c:\users\Jeff Branhan\AppData\Roaming\Malwarebytes
2011-01-01 22:23 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-01 22:23 . 2011-01-01 22:23 -------- d-----w- c:\programdata\Malwarebytes
2011-01-01 22:23 . 2011-01-02 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-31 16:09 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F5B7597-3114-4766-A988-8E66012CF1BA}\mpengine.dll
2010-12-28 05:39 . 2010-12-28 05:51 -------- d-----w- c:\users\Jeff Branhan\Synfig
2010-12-28 05:38 . 2010-12-28 05:38 -------- d-----w- c:\program files (x86)\Synfig
2010-12-28 05:13 . 2010-12-28 05:13 -------- d-----w- c:\users\Jeff Branhan\AppData\Roaming\Acapela Group
2010-12-28 05:13 . 2010-12-28 05:13 -------- d-----w- c:\users\Jeff Branhan\AppData\Local\Xtranormal
2010-12-28 05:07 . 2010-12-28 05:07 -------- d-----w- c:\program files (x86)\Xtranormal
2010-12-28 05:06 . 2010-12-28 05:13 -------- d-----w- c:\users\Jeff Branhan\AppData\Roaming\Xtranormal
2010-12-24 12:25 . 2010-12-24 12:25 -------- d-----w- c:\program files (x86)\CamStudio
2010-12-20 01:15 . 2010-12-20 01:17 -------- d-----w- c:\program files (x86)\Tibia Auto2
2010-12-16 13:35 . 2010-12-16 13:36 -------- d-----w- c:\users\Jeff Branhan\AppData\Local\Turbine
2010-12-16 13:34 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2010-12-16 13:34 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2010-12-16 13:33 . 2010-12-27 09:54 -------- d-----w- c:\users\Jeff Branhan\AppData\Local\ApplicationHistory
2010-12-16 13:31 . 2010-12-16 13:31 -------- d-----w- c:\windows\SysWow64\URTTEMP
2010-12-16 13:17 . 2010-12-16 13:17 -------- d-----w- c:\program files (x86)\Turbine
2010-12-16 06:21 . 2010-12-16 09:22 -------- d-----w- c:\users\Jeff Branhan\AppData\Local\PMB Files
2010-12-16 06:21 . 2010-12-16 06:21 -------- d-----w- c:\programdata\PMB Files
2010-12-16 06:21 . 2010-12-16 06:21 -------- d-----w- c:\program files (x86)\Pando Networks
2010-12-16 02:26 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-16 02:26 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-16 02:26 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-16 02:26 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-16 02:01 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-16 02:01 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-16 02:01 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-16 02:00 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 02:00 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 02:00 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-13 07:16 . 2010-12-13 07:17 -------- d-----w- c:\users\Jeff Branhan\AppData\Roaming\Remere's Map Editor
2010-12-13 07:16 . 2010-12-13 07:16 -------- d-----w- c:\program files (x86)\Remere's Map Editor
2010-12-08 23:00 . 2010-12-20 01:47 -------- d-----w- c:\program files (x86)\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 23:54 . 2010-09-04 14:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-25 23:54 . 2010-09-04 14:56 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-25 23:53 . 2010-09-04 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-25 23:53 . 2010-09-04 14:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-10-14 07:36 . 2010-10-14 07:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 07:36 . 2010-10-14 07:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-12-12 1242448]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2009-04-30 1706496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\users\Jeff Branhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for iPhone\PdaNetPC.exe [2010-6-13 214480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-09-25 115056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]

.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 22:46]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 22:46]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jeff Branhan\AppData\Roaming\Mozilla\Firefox\Profiles\tipk8wz8.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Tibia_is1 - c:\program files (x86)\Tibia87\unins000.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"=""c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe" /s "NIS" /m "c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"=""c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-413858954-2217586818-2745873133-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-413858954-2217586818-2745873133-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-413858954-2217586818-2745873133-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48E0BD6F-F534-3B2A-1530-7F18C525D2F2}*]
"oalmekmfkmjakjdmenfedjgcblciph"=hex:6a,61,68,68,6a,6e,6b,6c,65,67,70,70,6f,63,
6f,66,6d,63,6f,6b,00,00
"nanbklkiangchbnmnanojfbfonno"=hex:69,61,63,6a,6f,6b,63,6a,6f,64,65,6f,67,66,
6b,61,6f,67,00,00
"oahbggijpokoidjegbkidndglddeae"=hex:63,61,6c,68,6b,6b,00,00
"eadcojcbpi"=hex:68,62,64,6d,70,70,64,61,6a,62,66,65,68,6c,69,67,65,6c,63,6d,
6c,6c,66,70,70,67,67,67,69,62,6f,67,66,68,66,6f,62,6f,6e,62,68,6f,63,64,6d,\
"caibgk"=hex:64,62,6d,62,66,6a,65,66,6f,6f,6f,64,6b,67,63,6f,70,70,6c,6c,63,63,
68,6c,6d,63,63,66,6a,62,70,6c,63,6f,65,6a,67,6b,62,6c,00,00

[HKEY_USERS\S-1-5-21-413858954-2217586818-2745873133-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-03 00:11:02
ComboFix-quarantined-files.txt 2011-01-03 06:11

Pre-Run: 169,085,829,120 bytes free
Post-Run: 168,979,488,768 bytes free

- - End Of File - - 7FC10D3D2372268E853D1D214C2009B3

Re: System Tool 20114th January 2011, 1:23 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: System Tool 20114th January 2011, 11:57 pm

There were 2 threats, which were both found and removed. Here is the log if needed:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

EDIT:: I forgot to mention that ComboFix wouldn't uninstall by using 'Run'.

Re: System Tool 20116th January 2011, 12:32 am

Hello.

Updating Java:

Download the latest version of Java SE Runtime Environment (JRE) 6 Update 23.
Click the "Download JRE" button to the right.
In the Window that opens, select your platform, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.

How is the machine running now?

System Tool 2011

descriptionSystem Tool 201131st December 2010, 11:18 pm

descriptionRe: System Tool 20111st January 2011, 12:56 am

descriptionRe: System Tool 20111st January 2011, 6:06 pm

descriptionRe: System Tool 20111st January 2011, 10:03 pm

descriptionRe: System Tool 20111st January 2011, 10:38 pm

descriptionRe: System Tool 20111st January 2011, 10:53 pm

descriptionRe: System Tool 20111st January 2011, 10:54 pm

descriptionRe: System Tool 20111st January 2011, 10:54 pm

descriptionRe: System Tool 20112nd January 2011, 1:01 am

descriptionRe: System Tool 20112nd January 2011, 2:35 am

descriptionRe: System Tool 20113rd January 2011, 1:49 am

descriptionRe: System Tool 20113rd January 2011, 6:16 am

descriptionRe: System Tool 20114th January 2011, 1:23 am

descriptionRe: System Tool 20114th January 2011, 11:57 pm

descriptionRe: System Tool 20116th January 2011, 12:32 am

descriptionRe: System Tool 2011

System Tool 201131st December 2010, 11:18 pm

Re: System Tool 20111st January 2011, 12:56 am

Re: System Tool 20111st January 2011, 6:06 pm

Re: System Tool 20111st January 2011, 10:03 pm

Re: System Tool 20111st January 2011, 10:38 pm

Re: System Tool 20111st January 2011, 10:53 pm

Re: System Tool 20111st January 2011, 10:54 pm

Re: System Tool 20111st January 2011, 10:54 pm

Re: System Tool 20112nd January 2011, 1:01 am

Re: System Tool 20112nd January 2011, 2:35 am

Re: System Tool 20113rd January 2011, 1:49 am

Re: System Tool 20113rd January 2011, 6:16 am

Re: System Tool 20114th January 2011, 1:23 am

Re: System Tool 20114th January 2011, 11:57 pm

Re: System Tool 20116th January 2011, 12:32 am

Re: System Tool 2011