Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE Script Error and Audio ads start playing when no windows are open


  • This topic is locked This topic is locked

#1
okyamot

okyamot

    Member

  • Member
  • PipPip
  • 13 posts
I have recently had a virus that caused a fake virus-cleaning program pop up (I don't remember the exact name, but it was MS something) and disabled many of the actual programs. Setting my computer back to a previous restore point got rid of that, but there has been a lingering problem where an Internet Exporer Script Error box pops up referencing two different urls ("http://ui.mevio.com/...dex.js?r=38312" and "http://nearlythenews..._medium=2a316b"). Also, occasionally an audio ad starts playing even if no IE window is open.

I've run a number of differenet spyware and virus programs - Spyware S&D, MalwareBytes, Trojan Remover and Norton AntiVirus -- and removed some files, but the script error persists. Each time I run them now, they don't find anything but cookies. I've attached the Hijak This results as well. Please Help!

Dan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:13 AM, on 4/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1302450681031
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...ploader_v10.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://go.gwinnett....lln01/dwa7W.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O21 - SSODL: vagayanik - {8198ede4-bf5c-4cd4-bd07-27002b39439e} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {8198ede4-bf5c-4cd4-bd07-27002b39439e} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10435 bytes
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there Hijackthis no longer provides sufficient data to work with

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan


Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Click on Scan all users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-10 12:46:06
-----------------------------
12:46:06.515 OS Version: Windows 5.1.2600 Service Pack 3
12:46:06.515 Number of processors: 1 586 0xD08
12:46:06.515 ComputerName: SASHA UserName: Dan
12:46:07.750 Initialize success
12:46:28.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:46:28.328 Disk 0 Vendor: TOSHIBA_MK6034GSX AH101A Size: 57231MB BusType: 3
12:46:30.375 Disk 0 MBR read successfully
12:46:30.390 Disk 0 MBR scan
12:46:32.406 Disk 0 scanning sectors +117210240
12:46:32.406 Disk 0 scanning C:\WINDOWS\system32\drivers
12:46:39.390 Service scanning
12:46:43.046 Disk 0 trace - called modules:
12:46:43.062 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x896c81ed]<<
12:46:43.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8973eab8]
12:46:43.062 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8979dd98]
12:46:43.062 \Driver\atapi[0x8979f4a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x896c81ed
12:46:43.062 Scan finished successfully



OTL logfile created on: 4/10/2011 12:55:42 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 3.87 Gb Free Space | 6.96% Space Free | Partition Type: NTFS

Computer Name: SASHA | User Name: Dan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\efacli.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\bushell.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccl90u.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110409.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110409.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110408.001\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS OPTICAL CO.,LTD.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/02 18:50:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/04/08 23:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/04/08 07:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/08 18:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 18:43:44 | 000,000,000 | ---D | M]

[2009/09/11 22:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2011/04/09 09:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\extensions
[2010/11/24 16:13:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 20:56:05 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2009/12/11 23:54:33 | 000,002,424 | -H-- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\searchplugins\askcom.xml
[2011/04/09 09:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 11:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/03 22:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 18:47:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/08 07:08:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2011/04/08 23:36:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/04/05 18:48:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/17 11:49:10 | 000,428,637 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14760 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmartDefrag] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1302450681031 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://go.gwinnett....lln01/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: vagayanik - {8198ede4-bf5c-4cd4-bd07-27002b39439e} - CLSID or File not found.
O22 - SharedTaskScheduler: {8198ede4-bf5c-4cd4-bd07-27002b39439e} - tokatiluy - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 22:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A563AF18-40CB-B010-4B1F-0B74D86284BE} - Outlook Express
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 12:48:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2011/04/09 10:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/04/09 02:11:07 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/04/09 00:44:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/09 00:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 23:55:29 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys
[2011/04/08 23:55:29 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys
[2011/04/08 23:55:28 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys
[2011/04/08 23:55:28 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys
[2011/04/08 23:55:28 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys
[2011/04/08 23:55:28 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys
[2011/04/08 23:55:27 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys
[2011/04/08 23:55:27 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys
[2011/04/08 23:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005
[2011/04/08 07:03:25 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/08 07:03:25 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/08 07:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/08 07:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/08 07:02:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/04/08 07:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/04/08 07:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2011/04/08 07:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2011/04/08 06:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Symantec
[2011/04/08 06:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/08 06:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/04/07 23:41:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2011/04/07 23:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Workshop
[2011/04/07 21:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/07 19:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/04/07 19:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/04/07 06:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/06 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oCk06504jJfDl06504
[2011/04/03 23:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\BlackBerry
[2005/11/04 22:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 12:51:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/10 12:48:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2011/04/10 12:48:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2011/04/09 22:11:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 22:08:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3C64AD9E-4F22-434B-956F-DEC59C5A5723}.job
[2011/04/09 10:23:35 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2011/04/09 09:31:38 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2011/04/09 09:30:23 | 000,651,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2011/04/09 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SASHA-Dan.job
[2011/04/09 00:44:53 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 07:03:24 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/08 07:03:24 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/08 07:03:24 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/08 07:03:24 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/07 23:44:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/07 06:26:51 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/07 06:25:31 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/07 06:25:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/03 23:29:17 | 001,883,320 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\LoaderBackup-(2011-04-03).ipd
[2011/04/03 23:03:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/04/03 23:03:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/04/02 09:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/27 21:57:33 | 000,288,538 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\pet agreement.pdf
[2011/03/24 18:36:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/18 09:03:03 | 000,364,725 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\2010 TurboTaxReturn.pdf
[2011/03/16 06:58:17 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 06:58:17 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 11:57:42 | 000,003,833 | ---- | M] () -- C:\WINDOWS\machine.ver
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 12:48:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2011/04/09 10:23:35 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2011/04/09 09:29:58 | 000,651,716 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2011/04/09 00:44:53 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 23:55:29 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf
[2011/04/08 23:55:28 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat
[2011/04/08 23:55:28 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat
[2011/04/08 23:55:28 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat
[2011/04/08 23:55:28 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat
[2011/04/08 23:55:28 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat
[2011/04/08 23:55:28 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat
[2011/04/08 23:55:28 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf
[2011/04/08 23:55:28 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf
[2011/04/08 23:55:28 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf
[2011/04/08 23:55:28 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf
[2011/04/08 23:55:28 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf
[2011/04/08 23:55:27 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat
[2011/04/08 23:55:27 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat
[2011/04/08 23:55:27 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf
[2011/04/08 23:55:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf
[2011/04/08 23:40:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini
[2011/04/08 07:03:25 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/08 07:03:25 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/08 07:03:13 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2011/04/06 23:43:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/06 23:43:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/06 22:46:20 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/06 21:57:23 | 000,140,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/03 23:29:17 | 001,883,320 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\LoaderBackup-(2011-04-03).ipd
[2011/04/03 23:03:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/04/03 23:03:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/03/27 21:57:33 | 000,288,538 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\pet agreement.pdf
[2011/03/18 09:03:01 | 000,364,725 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\2010 TurboTaxReturn.pdf
[2011/03/06 19:22:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/11 17:13:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010/04/15 07:04:56 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/04/15 07:04:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/04/15 07:04:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/04/15 07:04:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/03/18 19:58:07 | 000,011,118 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\EY8wI8
[2010/02/25 23:17:28 | 000,012,770 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\621Yn0On344RP
[2010/02/10 08:30:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/18 00:54:25 | 000,013,961 | -HS- | C] () -- C:\WINDOWS\System32\boyokoso.dll
[2010/01/18 00:54:25 | 000,013,955 | -HS- | C] () -- C:\WINDOWS\System32\sulejere.dll
[2010/01/17 17:18:11 | 000,121,278 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2010/01/17 17:18:11 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2010/01/17 12:54:24 | 000,013,961 | -HS- | C] () -- C:\WINDOWS\System32\jukohani.dll
[2010/01/17 12:54:23 | 000,013,955 | -HS- | C] () -- C:\WINDOWS\System32\fawuruvo.dll
[2010/01/17 12:54:23 | 000,013,331 | -HS- | C] () -- C:\WINDOWS\System32\nofohogo.exe
[2010/01/17 12:54:23 | 000,013,322 | -HS- | C] () -- C:\WINDOWS\System32\sonusoya.exe
[2010/01/13 00:35:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/01/12 10:08:03 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\figalega.dll
[2009/12/18 10:51:58 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 21:06:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/12/09 19:46:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 22:39:08 | 000,033,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/07 17:58:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/09/05 14:58:07 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2009/09/05 14:57:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2009/09/05 14:57:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2009/09/05 14:57:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/09/05 14:57:26 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2009/09/05 14:57:26 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2009/09/05 14:53:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/29 18:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 18:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 18:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 18:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 18:22:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/29 18:16:48 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/11 18:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 13:00:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 12:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/05 00:09:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/05 00:07:42 | 000,000,363 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/05 00:03:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/05 00:03:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/05 00:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/05 00:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/05 00:03:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/05 00:03:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 23:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 23:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 22:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 22:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 22:28:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 22:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 20:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 20:53:47 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2005/11/04 20:53:47 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2005/11/04 20:53:47 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2005/11/04 20:53:47 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2005/11/04 20:53:47 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/11/04 20:53:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 20:53:10 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 20:53:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 20:53:10 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 20:53:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 20:53:08 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 20:53:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 20:53:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 20:52:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 20:52:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 20:52:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\notepad.dll.vir
[2005/11/04 20:52:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 20:52:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 14:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 14:22:17 | 003,481,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/06/10 19:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2010/04/17 10:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/07/25 12:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/01/10 12:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2011/01/10 12:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/23 17:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/05 13:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
[2011/04/07 23:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oCk06504jJfDl06504
[2009/09/07 19:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/17 17:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/11/30 00:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/06 18:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/09 21:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/04/08 22:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/23 18:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2005/11/05 00:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/19 09:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/15 23:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/27 09:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2011/04/09 18:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\BitTorrent
[2010/10/13 23:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/25 12:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools Pro
[2010/01/16 13:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GARMIN
[2011/01/19 01:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2011/01/30 23:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IObit
[2010/12/18 10:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\MyPublisher
[2009/09/08 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OpenOffice.org
[2010/12/10 00:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\PriceGong
[2009/12/09 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\QuickScan
[2011/03/06 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Research In Motion
[2010/04/15 07:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Simply Super Software
[2010/11/30 00:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/03 00:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\toshiba
[2011/04/08 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TuneUpMedia
[2010/01/16 18:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Uniblue
[2009/09/15 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Viewpoint
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2011/04/09 22:08:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C64AD9E-4F22-434B-956F-DEC59C5A5723}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >



OTL Extras logfile created on: 4/10/2011 12:55:42 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 3.87 Gb Free Space | 6.96% Space Free | Partition Type: NTFS

Computer Name: SASHA | User Name: Dan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CDisplayEx_is1" = CDisplayEx 1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"FileASSASSIN" = FileASSASSIN
"Foxit PDF Editor" = Foxit PDF Editor
"Free RAR Extract Frog" = Free RAR Extract Frog
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"IObit Security 360_is1" = IObit Security 360
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MyPublisher" = MyPublisher
"N360" = Norton Security Suite
"Nike+ Connect" = Nike+ Connect
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Picasa 3" = Picasa 3
"Power Saver" = TOSHIBA Power Saver
"RealPlayer 6.0" = RealPlayer Basic
"Smart Defrag_is1" = Smart Defrag
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUpMedia" = TuneUp Companion 1.9.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2011 11:35:01 PM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/4/2011 11:35:01 PM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50735

Error - 4/4/2011 11:35:01 PM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50735

Error - 4/8/2011 6:20:56 PM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = 348: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/8/2011 6:20:56 PM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = 360: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/8/2011 6:20:56 PM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/8/2011 9:26:55 PM | Computer Name = SASHA | Source = Application Error | ID = 1000
Description = Faulting application applemobilebackup.exe, version 17.752.8.187,
faulting module corefoundation.dll, version 1.550.36.0, fault address 0x00060daf.

Error - 4/9/2011 9:13:34 AM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = 348: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/9/2011 9:13:34 AM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = 360: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/9/2011 9:13:34 AM | Computer Name = SASHA | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 4/9/2011 10:11:17 PM | Computer Name = SASHA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 4/9/2011 10:12:45 PM | Computer Name = SASHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 ccHP eeCtrl Fips intelppm sptd SRTSPX SymIRON SYMTDI

Error - 4/9/2011 10:12:47 PM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/10/2011 11:50:57 AM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/10/2011 11:50:58 AM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/10/2011 11:51:03 AM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/10/2011 11:51:19 AM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/10/2011 11:51:26 AM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/10/2011 11:51:26 AM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/10/2011 12:49:30 PM | Computer Name = SASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

Thanks for your help,

Dan
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once this has run can you let me know if any of the problems are resolved

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O21 - SSODL: vagayanik - {8198ede4-bf5c-4cd4-bd07-27002b39439e} - CLSID or File not found.
    O22 - SharedTaskScheduler: {8198ede4-bf5c-4cd4-bd07-27002b39439e} - tokatiluy - Reg Error: Key error. File not found
    [2011/04/06 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oCk06504jJfDl06504
    [2011/04/07 06:26:51 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
    [2011/04/07 06:25:31 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
    [2011/04/07 06:25:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220
    [2010/03/18 19:58:07 | 000,011,118 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\EY8wI8
    [2010/02/25 23:17:28 | 000,012,770 | -HS- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\621Yn0On344RP
    [2010/01/18 00:54:25 | 000,013,961 | -HS- | C] () -- C:\WINDOWS\System32\boyokoso.dll
    [2010/01/18 00:54:25 | 000,013,955 | -HS- | C] () -- C:\WINDOWS\System32\sulejere.dll
    [2010/01/17 12:54:24 | 000,013,961 | -HS- | C] () -- C:\WINDOWS\System32\jukohani.dll
    [2010/01/17 12:54:23 | 000,013,955 | -HS- | C] () -- C:\WINDOWS\System32\fawuruvo.dll
    [2010/01/17 12:54:23 | 000,013,331 | -HS- | C] () -- C:\WINDOWS\System32\nofohogo.exe
    [2010/01/17 12:54:23 | 000,013,322 | -HS- | C] () -- C:\WINDOWS\System32\sonusoya.exe
    [2010/01/13 00:35:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/01/12 10:08:03 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\figalega.dll
    [2011/04/07 23:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oCk06504jJfDl06504

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\oCk06504jJfDl06504

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
That didnt' work. It still has the same error messages. Does it make a difference that I was doing all of the fixes while in Safe Mode?

Here's the new OTL output
OTL logfile created on: 4/11/2011 6:51:51 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 12.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 2.96 Gb Free Space | 5.31% Space Free | Partition Type: NTFS

Computer Name: SASHA | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
PRC - C:\Program Files\TuneUpMedia\TuneUpApp.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\IObit\IObit Security 360\is360.exe (IObit)
PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation.)
PRC - C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110410.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110410.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110408.001\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS OPTICAL CO.,LTD.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/02 18:50:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/04/08 23:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/04/08 07:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/08 18:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 18:43:44 | 000,000,000 | ---D | M]

[2009/09/11 22:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2011/04/09 09:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\extensions
[2010/11/24 16:13:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 20:56:05 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2009/12/11 23:54:33 | 000,002,424 | -H-- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\stf9yuf8.default\searchplugins\askcom.xml
[2011/04/10 13:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 11:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/03 22:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 18:47:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/10 13:52:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/08 07:08:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2011/04/08 23:36:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/04/05 18:48:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/10 13:28:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmartDefrag] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1302450681031 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://go.gwinnett....lln01/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 22:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3310541259-1069810073-1025482198-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 13:28:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/10 12:48:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2011/04/09 10:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/04/09 02:11:07 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/04/09 00:44:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/09 00:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 23:55:29 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys
[2011/04/08 23:55:29 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys
[2011/04/08 23:55:28 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys
[2011/04/08 23:55:28 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys
[2011/04/08 23:55:28 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys
[2011/04/08 23:55:28 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys
[2011/04/08 23:55:27 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys
[2011/04/08 23:55:27 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys
[2011/04/08 23:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005
[2011/04/08 07:03:25 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/08 07:03:25 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/08 07:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/08 07:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/08 07:02:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/04/08 07:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/04/08 07:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2011/04/08 07:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2011/04/08 06:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Symantec
[2011/04/08 06:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/08 06:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/04/07 23:41:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2011/04/07 23:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Workshop
[2011/04/07 21:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/07 19:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/04/07 19:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/04/07 06:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/03 23:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\BlackBerry
[2005/11/04 22:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[2011/04/11 06:58:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3C64AD9E-4F22-434B-956F-DEC59C5A5723}.job
[2011/04/10 13:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/10 13:33:09 | 1273,221,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/10 13:28:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/10 12:51:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/10 12:48:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2011/04/10 12:48:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2011/04/09 10:23:35 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2011/04/09 09:31:38 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2011/04/09 09:30:23 | 000,651,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2011/04/09 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SASHA-Dan.job
[2011/04/09 00:44:53 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 07:03:24 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/04/08 07:03:24 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/04/08 07:03:24 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/08 07:03:24 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/07 23:44:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/03 23:29:17 | 001,883,320 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\LoaderBackup-(2011-04-03).ipd
[2011/04/03 23:03:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/04/03 23:03:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/04/02 09:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/27 21:57:33 | 000,288,538 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\pet agreement.pdf
[2011/03/24 18:36:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/18 09:03:03 | 000,364,725 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\2010 TurboTaxReturn.pdf
[2011/03/16 06:58:17 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 06:58:17 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 11:57:42 | 000,003,833 | ---- | M] () -- C:\WINDOWS\machine.ver

========== Files Created - No Company Name ==========

[2011/04/10 13:33:09 | 1273,221,120 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/10 12:48:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MBR.dat
[2011/04/09 10:23:35 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\HijackThis.lnk
[2011/04/09 09:29:58 | 000,651,716 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2011/04/09 00:44:53 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 23:55:29 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf
[2011/04/08 23:55:28 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat
[2011/04/08 23:55:28 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat
[2011/04/08 23:55:28 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat
[2011/04/08 23:55:28 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat
[2011/04/08 23:55:28 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat
[2011/04/08 23:55:28 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat
[2011/04/08 23:55:28 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf
[2011/04/08 23:55:28 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf
[2011/04/08 23:55:28 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf
[2011/04/08 23:55:28 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf
[2011/04/08 23:55:28 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf
[2011/04/08 23:55:27 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat
[2011/04/08 23:55:27 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat
[2011/04/08 23:55:27 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf
[2011/04/08 23:55:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf
[2011/04/08 23:40:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini
[2011/04/08 07:03:25 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/04/08 07:03:25 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/04/08 07:03:13 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2011/04/06 21:57:23 | 000,140,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/03 23:29:17 | 001,883,320 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\LoaderBackup-(2011-04-03).ipd
[2011/04/03 23:03:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/04/03 23:03:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/03/27 21:57:33 | 000,288,538 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\pet agreement.pdf
[2011/03/18 09:03:01 | 000,364,725 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\2010 TurboTaxReturn.pdf
[2011/03/06 19:22:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/11 17:13:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010/04/15 07:04:56 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/04/15 07:04:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/04/15 07:04:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/04/15 07:04:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/10 08:30:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/17 17:18:11 | 000,121,278 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2010/01/17 17:18:11 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2009/12/18 10:51:58 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 21:06:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/12/09 19:46:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 22:39:08 | 000,033,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/07 17:58:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/09/05 14:58:07 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2009/09/05 14:57:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2009/09/05 14:57:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2009/09/05 14:57:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/09/05 14:57:26 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2009/09/05 14:57:26 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2009/09/05 14:53:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/29 18:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 18:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 18:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 18:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 18:22:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/29 18:16:48 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/11 18:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 13:00:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 12:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/05 00:09:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/05 00:07:42 | 000,000,363 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/05 00:03:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/05 00:03:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/05 00:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/05 00:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/05 00:03:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/05 00:03:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 23:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 23:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 22:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 22:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 22:28:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 22:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 20:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 20:53:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 20:53:10 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 20:53:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 20:53:10 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 20:53:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 20:53:08 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 20:53:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 20:53:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 20:52:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 20:52:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 20:52:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\notepad.dll.vir
[2005/11/04 20:52:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 20:52:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 14:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 14:22:17 | 003,481,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/06/10 19:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2010/04/17 10:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/07/25 12:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/01/10 12:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2011/01/10 12:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/23 17:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/05 13:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
[2009/09/07 19:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/17 17:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/11/30 00:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/06 18:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/09 21:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/04/08 22:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/23 18:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2005/11/05 00:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/19 09:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/15 23:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/27 09:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2011/04/09 18:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\BitTorrent
[2010/10/13 23:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/25 12:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools Pro
[2010/01/16 13:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GARMIN
[2011/01/19 01:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\gtk-2.0
[2011/01/30 23:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IObit
[2010/12/18 10:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\MyPublisher
[2009/09/08 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\OpenOffice.org
[2010/12/10 00:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\PriceGong
[2009/12/09 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\QuickScan
[2011/03/06 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Research In Motion
[2010/04/15 07:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Simply Super Software
[2010/11/30 00:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/03 00:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\toshiba
[2011/04/11 06:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\TuneUpMedia
[2010/01/16 18:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Uniblue
[2009/09/15 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Viewpoint
[2005/11/04 23:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2011/04/11 06:58:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C64AD9E-4F22-434B-956F-DEC59C5A5723}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

Thanks,
Dan
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then I will need to expand the search area for this miscreant - But, first lets get the big boy out. Do all of this in normal mode please

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

THEN

Run OTL with the following settings

[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT


[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • 0

#7
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'm having issues even using the ComboFix. I've disabled all antivirus and anti spyware software, to the point of uninstalling Norton temporarily just to make sure the processes weren't running. After giving me the disclaimermessage at the beginning, I click Yes and a blue window with a blinking cursor pops up and that's it. It freezes up and I have to restart the computer. I've tried redownloading it and leaving it running while I was at work, but nothing chaged. The blue window was still there when I got back.

Is there another program that I could use?

Dan
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I think I know what is causing that - two programmes for you to use. The first is fairly fast - if it finds nothing then proceed to the second programme. If it finds anything related to MBR then let it fix it and try combofix again

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

IF THAT FINDS NOTHING

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#9
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok, so the problem has gone from bad to worse.

The first program that you suggested wouldn't start at all once I downloaded it, so I tried the second one. It ran and searched about 47%, finding Virus.Win32.tdss.e, a bad file at windows/system32/drivers/udsnap.sys and MEM: Rootkit.Win32.sst.a. After only searcing that much it suggested a disenfection process that requred a reboot and now it is in a constant reboot loop, with a blue screen popping up saying something along the lines of it was restarting to protect the computer.

I'm replying now on a different computer, so please say there's something I can do about this without completely wiping the computer and losing all of my files.

Thanks,
Dan
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When the computer restarts immediately press F8 continuously to enter the safe mode menu

Once there select safe mode with networking - let me know if that stops the loop
  • 0

Advertisements


#11
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It actually gives me the option to start it in different modes each time it restarts. I've tried starting it in safe mode, sm w/ networking, and with the last good settings all of which came to the same blue screened result.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is obviously a new and resilient version of TDL3

Do you have access to a cd burner so that we can work outside of windows ?

If so I will use OTLPE to replace the bad file windows/system32/drivers/udsnap.sys with a clean copy

Please print these instruction out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download this scan.txt to a USB drive [attachment=49210:scan.txt]
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#13
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok. I'm up to step 8 of your directions, but can't find the OTLPE icon to click on. There's nothing but my computer and my network places on the Reatogo desktop. Should I be looking on the cd?

Dan
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes have a look on the CD - I will see if anyone has come across this before
  • 0

#15
okyamot

okyamot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I was able to run OLTPE from the cd, but steps 9-12 didn't happen ...

(9.Select the Windows folder of the infected drive if it asks for a location
10.When asked "Do you wish to load the remote registry", select Yes
11.When asked "Do you wish to load remote user profile(s) for scanning", select Yes
12.Ensure the box "Automatically Load All Remaining Users" is checked and press OK)

... it seemed to only be scanning on the cd where it tried unsucsessfully to create the output text file.

Furthermore, after turning off the computer and restarting the os from the cd, an error message popped up -- Unexpected error (32768) occured at line 5199 in d:\xpsprtm\base\boot\setup\setup.c --- but it didn't stop the os from loading.

Does any of this ring a bell? Is there an options menu on OTL where I can direct it to look at the C drive?

Thanks for your help.

Dan
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP