Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

older xp laptop running too slow [Closed] [Solved]

Started by Todd von Wodd , Jul 03 2009 05:45 PM

This topic is locked

#1
Todd von Wodd

Posted 03 July 2009 - 05:45 PM

New Member

Member
3 posts

heeres my logs!

rooter:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 13 Stepping 8, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 6.0.2900.5512
.
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:19 Go )
D:\ [CD_Rom]
.
Scan : 16:20.42
Path : C:\Documents and Settings\todd cruickshank\Desktop\Rooter.exe
User : todd cruickshank ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (580)
______ \??\C:\WINDOWS\system32\csrss.exe (640)
______ \??\C:\WINDOWS\system32\winlogon.exe (668)
______ C:\WINDOWS\system32\services.exe (712)
______ C:\WINDOWS\system32\lsass.exe (724)
______ C:\WINDOWS\system32\svchost.exe (896)
______ C:\WINDOWS\system32\svchost.exe (968)
______ C:\WINDOWS\System32\svchost.exe (1004)
______ C:\WINDOWS\system32\svchost.exe (1076)
______ C:\WINDOWS\system32\svchost.exe (1124)
______ C:\WINDOWS\Explorer.EXE (1536)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1672)
______ C:\WINDOWS\system32\spoolsv.exe (1764)
______ C:\WINDOWS\system32\svchost.exe (1848)
______ C:\WINDOWS\system32\DVDRAMSV.exe (1880)
______ C:\WINDOWS\system32\svchost.exe (1956)
______ C:\WINDOWS\system32\wdfmgr.exe (1996)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (636)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (916)
______ C:\WINDOWS\system32\wscntfy.exe (1036)
______ C:\WINDOWS\System32\alg.exe (1460)
______ C:\WINDOWS\system32\igfxtray.exe (184)
______ C:\WINDOWS\system32\hkcmd.exe (1292)
______ C:\Program Files\Apoint2K\Apoint.exe (1568)
______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (1524)
______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (1600)
______ C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (304)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1588)
______ C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (1644)
______ C:\WINDOWS\system32\ZoomingHook.exe (1112)
______ C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (1692)
______ C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (1948)
______ C:\Program Files\Toshiba\Tvs\TvsTray.exe (2060)
______ C:\WINDOWS\system32\TCtrlIOHook.exe (2108)
______ C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (2128)
______ C:\Program Files\ltmoh\Ltmoh.exe (2144)
______ C:\WINDOWS\AGRSMMSG.exe (2156)
______ C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (2164)
______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2216)
______ C:\Program Files\Microsoft IntelliPoint\ipoint.exe (2260)
______ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (2304)
______ C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (2340)
______ C:\Program Files\Apoint2K\Apntex.exe (2368)
______ C:\WINDOWS\system32\TPSBattM.exe (2376)
______ C:\WINDOWS\System32\svchost.exe (2380)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (2396)
______ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (2420)
______ C:\WINDOWS\system32\ctfmon.exe (2428)
______ C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe (2564)
______ C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (2584)
______ C:\WINDOWS\system32\RAMASST.exe (2592)
______ C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (2608)
______ C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe (2652)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3288)
______ C:\Documents and Settings\todd cruickshank\Desktop\Rooter.exe (3100)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:40007729664)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Error Fix Scan.job
C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\Tasks\Registration reminder 3.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:21.02
.
C:\Rooter$\Rooter_1.txt - (03/07/2009 | 16:21.02)

MBAM log:

Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3

7/3/2009 4:09:42 PM
mbam-log-2009-07-03 (16-09-42).txt

Scan type: Quick Scan
Objects scanned: 86631
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\abar.abarband.1 (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asearchassist.adefaultsearch.1 (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.amo (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.amo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.momo (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.momo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.ohb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.ohb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4a2c9def-83eb-4575-ad6c-2377fefc5122} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{56943d7c-2283-4d73-b2b1-46173b4844b4} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71c9109d-eb8d-49b9-9211-1cbe8a25a9aa} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{75f32b07-d45f-4d5b-9266-3863c65d5b29} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{84037416-6a70-46e5-9216-cdcc7e2513e7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{94e14c33-2473-4185-9fa0-3d881bdb5c0b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95d963d7-86e3-434e-bff6-fcddea5f9f24} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9dc10de5-5104-4554-aca0-d9f2d146cd4c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a140fe51-3136-4e0d-afda-1313b30adfef} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b41df4f9-0191-46e6-8107-16634fbc7f3c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be1c526e-cccc-449c-a9cb-691b8c5e2769} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be465556-f79d-476f-9457-74e49f8f400a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8dfa789-47d3-4197-b187-23ae2d7dcf6a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0277d0d-43c7-4eca-b8c4-545a2e71485b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea166dbf-eac4-4d33-b48d-a40b8c8fdec1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0ed2f90-de03-46ad-97c1-709e5a49422c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40331b9f-75e5-4e1e-b511-5aa6638b9ade} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\upmedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tppoll10 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rare (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\UpMedia\uninstallSE.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\documents and settings\todd cruickshank\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

aand
the OTL log:

OTL logfile created on: 7/3/2009 4:43:43 PM - Run 1
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Documents and Settings\todd cruickshank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.42 Mb Total Physical Memory | 78.79 Mb Available Physical Memory | 31.97% Memory free
605.15 Mb Paging File | 281.85 Mb Available in Paging File | 46.58% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 19.08 Gb Free Space | 51.20% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6210299699
Current User Name: todd cruickshank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 7 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/29 09:50:11 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2003/05/22 22:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004/11/01 18:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2004/11/01 17:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/10/30 01:46:18 | 00,192,512 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2004/11/29 22:06:26 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2005/01/21 22:48:50 | 00,675,840 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2004/12/16 05:09:46 | 00,933,888 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/01/14 02:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/09/07 15:03:20 | 01,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2004/07/14 17:07:32 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\ZoomingHook.exe
PRC - [2004/09/15 16:03:08 | 00,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/12/07 22:24:38 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
PRC - [2004/11/12 18:57:12 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/02/16 15:43:34 | 00,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\TCtrlIOHook.exe
PRC - [2004/11/30 22:26:34 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/12/06 07:53:36 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2004/12/06 07:53:06 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/12/17 01:47:12 | 00,548,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2004/04/14 13:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/05/18 16:47:16 | 00,849,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/04/03 09:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2003/02/25 20:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2004/12/28 17:02:28 | 00,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe
PRC - [2009/06/29 09:50:14 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2004/12/30 01:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2001/11/02 03:22:54 | 00,311,296 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
PRC - [2006/05/17 04:26:00 | 00,811,008 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2003/03/13 20:38:12 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe
PRC - [2006/12/06 03:09:30 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2004/12/16 00:09:40 | 00,827,392 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2009/06/14 08:00:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/03 16:22:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\todd cruickshank\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/07 14:16:24 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\ACS.exe -- (ACS [Disabled | Stopped])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/11/30 07:05:10 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Disabled | Stopped])
SRV - [2004/11/09 20:14:08 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Disabled | Stopped])
SRV - [1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2003/05/22 22:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/13 17:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/06/29 09:50:11 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft...P...pdate&O1=b1
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\S-1-5-21-3378597288-2485911789-1589608216-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\S-1-5-21-3378597288-2485911789-1589608216-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/14 08:54:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/14 08:01:18 | 00,000,000 | ---D | M]

[2008/09/25 22:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\todd cruickshank\Application Data\mozilla\Extensions
[2008/09/25 22:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\todd cruickshank\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/08/16 07:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\todd cruickshank\Application Data\mozilla\Firefox\Profiles\lin1zzbv.default\extensions
[2008/09/25 22:34:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/14 08:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/14 08:00:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/14 08:00:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/14 08:01:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/05/09 06:56:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/09 06:56:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/09 06:56:09 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/09 06:56:09 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/09 06:56:09 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/09 06:56:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/09 06:56:09 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe File not found
O4 - HKLM..\Run: [FaxCenterServer] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [Error Fix] C:\Program Files\Error Fix\Error Fix.exe File not found
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe File not found
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\todd cruickshank\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\__c00F6CA6.dat) - C:\WINDOWS\System32\__c00F6CA6.dat File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc} - heterostyly - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/11 01:16:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/23 18:03:25 | 00,000,041 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/07/03 16:21:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\todd cruickshank\Desktop\OTL.exe
[2009/07/03 16:21:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/03 16:20:29 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\todd cruickshank\Desktop\Rooter.exe
[2009/07/03 15:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Application Data\Malwarebytes
[2009/07/03 15:51:47 | 00,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 15:51:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/03 15:51:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/03 15:51:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/03 15:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/27 10:03:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/27 10:00:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/27 09:49:31 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/27 09:49:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/06/27 09:25:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/27 09:25:01 | 00,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/27 09:13:53 | 00,000,452 | ---- | C] () -- C:\WINDOWS\tasks\Error Fix Scan.job
[2009/06/27 09:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Application Data\Error Fix
[2009/06/27 08:47:40 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\todd cruickshank\Desktop\Ad-AwareAE.exe
[2009/06/27 08:37:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/27 08:23:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender

========== Files - Modified Within 7 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/03 16:22:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\todd cruickshank\Desktop\OTL.exe
[2009/07/03 16:20:30 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\todd cruickshank\Desktop\Rooter.exe
[2009/07/03 16:12:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/03 16:12:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/03 16:12:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/03 16:12:01 | 25,846,1696 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/03 15:51:47 | 00,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 12:00:07 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\Error Fix Scan.job
[2009/06/29 09:51:24 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/27 09:47:32 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/27 09:25:01 | 00,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/27 09:10:08 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\todd cruickshank\Desktop\Ad-AwareAE.exe
[2009/06/27 08:37:09 | 00,000,069 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/27 08:23:39 | 00,000,787 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >

any and all hlp will be greatly appreciated.

#2
hammerman

Posted 04 July 2009 - 06:27 AM

Member 4k

Member
4,183 posts

Hello and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Please note that I am still in training and my replies need to be checked by an expert. This means there may be a small delay between my posts. Please bear with me.

I am looking through your log now and will reply as soon as possible.

Before we begin, I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.

#3
hammerman

Posted 04 July 2009 - 11:33 PM

Member 4k

Member
4,183 posts

Hi Todd von Wodd,

Can you please carry out the following steps.

-- Step 1 --

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FaxCenterServer] File not found
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [Error Fix] C:\Program Files\Error Fix\Error Fix.exe File not found
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe File not found
O4 - HKLM..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\__c00F6CA6.dat) - C:\WINDOWS\System32\__c00F6CA6.dat File not found
O22 - SharedTaskScheduler: {cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc} - heterostyly - Reg Error: Key error. File not found
[2009/06/27 09:13:53 | 00,000,452 | ---- | C] () -- C:\WINDOWS\tasks\Error Fix Scan.job
[2009/06/27 09:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Application Data\Error Fix

:Services

:Reg

:Files
C:\Program Files\eDonkey2000
C:\Program Files\Error Fix
C:\Program Files\SpyShredder
C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\CyberDefender

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the log produced by this fix.

-- Step 2 --

I notice that you do not have an antivirus program running on your computer. Without this protection, you are extremely vulnerable to the ever-increasing number of viruses and malware present today. This is so important that I ask you to install an antivirus program before we proceed.

There are many free programs available for you to use. Two such programs are Avast from here or Avira from here. Please install ONE of these programs now and ensure you carry out a full update.

Please carry out a scan with your antivirus and post the results in your reply.

-- Step 3 --

Please carry out a fresh OTL scan.
Press the Run Scan, NOT the Quick Scan. Also select Use SafeList under ExtraRegistry, ensure File Age is set to 30 Days and select Minimal Output.
Post the two OTL reports in your reply.

#4
Todd von Wodd

Posted 07 July 2009 - 05:41 PM

New Member

Topic Starter
Member
3 posts

final OTL scan log:

OTL logfile created on: 7/7/2009 4:35:06 PM - Run 2
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Documents and Settings\todd cruickshank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

246.42 Mb Total Physical Memory | 45.41 Mb Available Physical Memory | 18.43% Memory free
605.25 Mb Paging File | 213.76 Mb Available in Paging File | 35.32% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 19.25 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6210299699
Current User Name: todd cruickshank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2003/05/22 22:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/11/01 18:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2004/11/01 17:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/10/30 01:46:18 | 00,192,512 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2004/11/29 22:06:26 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2005/01/21 22:48:50 | 00,675,840 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2004/12/16 05:09:46 | 00,933,888 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/01/14 02:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/09/07 15:03:20 | 01,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2004/07/14 17:07:32 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\ZoomingHook.exe
PRC - [2004/09/15 16:03:08 | 00,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/12/07 22:24:38 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
PRC - [2004/11/12 18:57:12 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/02/16 15:43:34 | 00,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\TCtrlIOHook.exe
PRC - [2004/11/30 22:26:34 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/12/06 07:53:36 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2004/12/06 07:53:06 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/12/17 01:47:12 | 00,548,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2004/04/14 13:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2003/02/25 20:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2007/05/18 16:47:16 | 00,849,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/04/03 09:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2004/12/30 01:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2004/12/28 17:02:28 | 00,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2001/11/02 03:22:54 | 00,311,296 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
PRC - [2006/05/17 04:26:00 | 00,811,008 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2003/03/13 20:38:12 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe
PRC - [2006/12/06 03:09:30 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2004/12/16 00:09:40 | 00,827,392 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2009/07/03 16:22:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\todd cruickshank\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/07 14:16:24 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\ACS.exe -- (ACS [Disabled | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/11/30 07:05:10 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Disabled | Stopped])
SRV - [2004/11/09 20:14:08 | 00,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Disabled | Stopped])
SRV - [1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2003/05/22 22:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/13 17:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/12/06 07:53:44 | 01,270,572 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2004/10/26 22:57:38 | 02,284,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2004/05/08 05:38:06 | 00,101,833 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2004/12/22 15:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2004/11/30 07:12:30 | 00,873,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2003/12/19 20:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
DRV - [2006/12/28 12:12:00 | 00,240,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\TP6810.sys -- (DCamUSBTP10 [On_Demand | Stopped])
DRV - [2004/08/17 04:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/12/23 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2004/11/01 18:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/09/11 00:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2005/08/26 07:23:53 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2004/01/29 19:32:32 | 00,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2008/06/27 07:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2008/06/20 06:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2003/01/28 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2005/08/15 08:27:24 | 00,010,368 | R--- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2007/05/23 11:44:34 | 00,031,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/11/02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/27 19:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2005/10/14 14:25:56 | 00,055,168 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\sdcplh.sys -- (sdcplh [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/07/30 16:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\drivers\EPIOMngr.sys -- (SerTVOutCtlr [System | Running])
DRV - [2004/06/16 12:19:58 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2004/07/30 00:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\Drivers\EKIoMngr.sys -- (SrvcEKIOMngr [System | Running])
DRV - [2004/07/30 00:05:08 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\System32\Drivers\SSIoMngr.sys -- (SrvcSSIOMngr [System | Running])
DRV - [2004/12/02 12:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2004/12/02 12:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2002/01/24 14:43:40 | 00,006,528 | ---- | M] () -- C:\WINDOWS\System32\Drivers\Tbiosdrv.sys -- (TBiosDrv [On_Demand | Stopped])
DRV - [2005/01/14 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,087,706 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,099,098 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/01/14 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2005/02/10 18:52:36 | 00,157,056 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Stopped])
DRV - [2005/02/25 20:08:26 | 00,008,704 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])
DRV - [2005/01/08 01:11:42 | 00,029,184 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft...P...pdate&O1=b1
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\S-1-5-21-3378597288-2485911789-1589608216-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\S-1-5-21-3378597288-2485911789-1589608216-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/14 08:54:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/14 08:01:18 | 00,000,000 | ---D | M]

[2008/09/25 22:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\todd cruickshank\Application Data\mozilla\Extensions
[2008/09/25 22:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\todd cruickshank\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/08/16 07:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\todd cruickshank\Application Data\mozilla\Firefox\Profiles\lin1zzbv.default\extensions
[2008/09/25 22:34:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/14 08:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/14 08:00:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/14 08:00:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/14 08:01:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/05/09 06:56:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/09 06:56:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/09 06:56:09 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/09 06:56:09 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/09 06:56:09 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/09 06:56:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/09 06:56:09 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (316719 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10868 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [Google Update] C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\todd cruickshank\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3378597288-2485911789-1589608216-1006\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/11 01:16:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/07 14:24:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/07 14:11:53 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/07 14:11:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/06 18:44:30 | 00,975,446 | ---- | C] () -- C:\Documents and Settings\todd cruickshank\My Documents\cc_20090706_184421.reg
[2009/07/06 18:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/07/06 18:37:14 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/06 18:26:23 | 00,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/07/06 18:25:36 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/07/06 18:25:36 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/06 18:25:36 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/07/06 18:25:36 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/07/06 18:25:35 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/06 18:25:23 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/06 18:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/07/06 17:56:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\My Documents\Downloads
[2009/07/06 17:55:35 | 00,002,438 | ---- | C] () -- C:\Documents and Settings\todd cruickshank\Desktop\Google Chrome.lnk
[2009/07/06 17:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Local Settings\Application Data\Temp
[2009/07/06 17:45:49 | 00,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3378597288-2485911789-1589608216-1006UA.job
[2009/07/06 17:45:47 | 00,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3378597288-2485911789-1589608216-1006Core.job
[2009/07/03 19:05:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Desktop\RealTemp_3.00
[2009/07/03 16:46:54 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/03 16:21:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\todd cruickshank\Desktop\OTL.exe
[2009/07/03 16:21:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/03 16:20:29 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\todd cruickshank\Desktop\Rooter.exe
[2009/07/03 15:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Application Data\Malwarebytes
[2009/07/03 15:51:47 | 00,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 15:51:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/03 15:51:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/03 15:51:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/03 15:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/27 10:00:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/27 09:49:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/06/27 09:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\todd cruickshank\Application Data\Error Fix
[2009/06/27 08:37:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/23 15:34:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2007/11/21 18:20:05 | 00,000,012 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2007/11/21 18:17:16 | 00,000,012 | ---- | C] () -- C:\WINDOWS\EZLiveMonitor2.1.ini
[2007/11/21 18:17:15 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/21 18:17:15 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/21 18:10:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\CamLib10.Dll
[2007/06/09 20:28:36 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/05/07 12:09:24 | 00,000,070 | ---- | C] () -- C:\WINDOWS\A648F2AB.ini
[2007/05/06 18:37:23 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/02/18 20:03:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2006/10/14 18:08:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2006/01/20 19:40:45 | 00,000,626 | ---- | C] () -- C:\WINDOWS\NWDECDU.INI
[2005/09/12 08:22:33 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2005/09/12 08:22:33 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/08/30 03:41:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/08/30 03:23:11 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/08/30 03:22:28 | 00,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2005/08/30 03:22:28 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2005/08/30 03:22:27 | 00,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/08/30 03:22:27 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/08/30 03:16:53 | 00,027,404 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/08/26 07:46:12 | 00,000,191 | ---- | C] () -- C:\WINDOWS\WinHelp.ini
[2005/08/26 07:10:14 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/26 07:10:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/26 07:10:14 | 00,010,167 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/26 07:10:14 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/26 07:09:32 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2005/03/12 22:03:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 02:49:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/11 02:29:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/03/11 02:27:15 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/03/11 02:27:15 | 00,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/03/11 02:22:14 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 02:21:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/03/11 02:21:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/03/11 02:21:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/03/11 02:21:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/03/11 02:21:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/03/11 02:21:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/03/11 02:11:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.dll
[2005/03/11 02:07:48 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/03/11 01:19:47 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/10 23:58:45 | 00,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/10 23:58:25 | 00,000,787 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/03/10 23:58:23 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/03/02 22:02:32 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/03/01 16:36:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/02/17 16:51:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/02/16 15:37:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/16 15:36:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/12/07 02:40:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/13 12:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/11/17 23:37:20 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Files - Modified Within 30 Days ==========

[2009/07/07 16:28:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 16:22:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/07 16:22:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/07 16:22:35 | 25,846,1696 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/07 14:59:51 | 00,316,719 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/07 14:50:13 | 00,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3378597288-2485911789-1589608216-1006UA.job
[2009/07/06 18:44:40 | 00,975,446 | ---- | M] () -- C:\Documents and Settings\todd cruickshank\My Documents\cc_20090706_184421.reg
[2009/07/06 18:26:23 | 00,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/07/06 17:55:35 | 00,002,438 | ---- | M] () -- C:\Documents and Settings\todd cruickshank\Desktop\Google Chrome.lnk
[2009/07/06 17:50:01 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3378597288-2485911789-1589608216-1006Core.job
[2009/07/03 16:22:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\todd cruickshank\Desktop\OTL.exe
[2009/07/03 16:20:30 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\todd cruickshank\Desktop\Rooter.exe
[2009/07/03 15:51:47 | 00,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/29 09:51:24 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/27 08:37:09 | 00,000,069 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/27 08:23:39 | 00,000,787 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/26 10:54:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/26 10:54:03 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 12:37:42 | 00,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
< End of report >

thanks again!

#5
hammerman

Posted 08 July 2009 - 02:24 PM

Member 4k

Member
4,183 posts

Hi Todd von Wodd,

Nice work and good choice of AV (same as mine

). We have a bit more to do though.

I should point out that 246Mb Physical Memory is a bit low for an XP system and this may explain some of your speed problems.

-- Step 1 --

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
This fix will produce a report. Please add this to your reply.

-- Step 2 --

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

-- Step 3 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

-- Step 4 --

Download and run Auslogics Disc Defragmenter

Please reply with
1. The OTL report from the fix carried out in Step 1
2. The Kaspersky scan report.
3. How is your computer running now?

#6
Essexboy

Posted 13 July 2009 - 12:32 PM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
hammerman

Posted 18 July 2009 - 12:40 AM

Member 4k

Member
4,183 posts

Hi Todd von Wodd,

Can you please post the logs. Thanks

#8
Todd von Wodd

Posted 19 July 2009 - 06:17 PM

New Member

Topic Starter
Member
3 posts

alright here are my logs:

OTL:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: todd cruickshank
->Temp folder emptied: 489071 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31937258 bytes
->Google Chrome cache emptied: 24609048 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 148996 bytes

RecycleBin emptied: 0 bytes

---------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 00:09:34
Records in database: 2472541
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 53833
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:39:07

No malware has been detected. The scan area is clean.
The selected area was scanned.

computer is definitely running happier, a gig of ram is in the mail for it. haha.

#9
hammerman

Posted 20 July 2009 - 02:58 PM

Member 4k

Member
4,183 posts

Hi Todd von Wodd,

Congratulations, your computer is now clean

We now need to remove the tools we've been using.

-- Step 1 --

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.

Right-click on My Computer and select Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
Now uncheck the Turn off System Restore, click Apply then OK.

A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilites. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

Adobe Updates

Your Adobe Reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#10
Essexboy

Posted 24 July 2009 - 11:30 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.