Multiple Issues


  • This topic is locked

#1 KCTIM (Member, 27 posts)

Hi guys,
Been a long time since I've had to come here; usually I can remove things fairly easily, but I've gotten into a bee's nest this time, it would appear. Been fighting this for 3 days now and after looking on multiple sites (including here) I can't figure out how to get rid of this blasted thing. It started off as one of those fake Windows anti-whatever 2011. It hid my entire desktop and all my programs in my Start Menu. I thought I had terminated the malware registries because I was able to unhide my desktop, but my Start Menu programs are still basically hidden and I can't figure out how to get them back. It'll show Microsoft Office, but shows empty to the right of that, and the same for nearly all my programs in the Start Menu. I know they're still on my hard drive because I can access Word off my tray.

Now my Internet Explorer and Firefox are both hijacked and redirecting whenever I do a search. My Auto Updates are also disabled and I can't re-enable them. I tried some suggestions I read on here, but TDSSKiller won't work on my computer even if I rename it and give it a .com extension.

I've run Malwarebytes clean like 4 times and my SAV 3 times, both coming up clean, but symptoms persist.

If you could help me get this blasted thing off my laptop, I will be grateful!

I'm desperate and have finals on Monday.

-Tim



OTL Report is as follows:

OTL logfile created on: 4/30/2011 3:10:53 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jamie Heinemann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.29 Gb Total Space | 2.41 Gb Free Space | 7.03% Space Free | Partition Type: NTFS
Drive D: | 8.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOBILEBEAST | User Name: Jamie Heinemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/01/24 16:51:28 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2004/12/25 22:11:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\TDuPHook.exe
PRC - [2004/12/15 20:07:30 | 000,110,592 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Toshiba\Bay Service\BaySrvis.exe
PRC - [2004/12/07 08:24:38 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
PRC - [2004/12/07 00:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/12/07 00:52:46 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJME.exe
PRC - [2004/11/29 12:10:22 | 000,667,648 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2004/11/11 10:37:28 | 000,090,112 | R--- | M] (Prolific Technology Inc.) -- C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
PRC - [2004/11/10 14:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/10/25 18:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/10/15 13:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 13:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 13:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/15 18:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/07/14 19:07:32 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2004/06/01 23:43:10 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2003/12/01 09:39:18 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2003/12/01 09:38:08 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
PRC - [2003/11/11 22:19:04 | 000,159,744 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe
PRC - [2003/09/05 06:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/08/05 02:43:04 | 000,045,056 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\HotFixQ0306270.exe
PRC - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
MOD - [2008/04/13 19:12:10 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wow32.dll
MOD - [2004/08/04 07:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tsappcmp.dll
MOD - [2003/12/01 09:38:50 | 000,110,592 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_dll.dll


========== Win32 Services (SafeList) ==========

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/11/10 14:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110428.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110428.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/29 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/29 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/20 07:33:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/01/08 16:52:16 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/15 17:22:08 | 000,010,240 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- C:\Program Files\Toshiba\Bay Service\DPortIO.sys -- (DritekPortIO)
DRV - [2004/12/14 05:29:28 | 000,016,128 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2004/12/11 17:12:00 | 000,006,144 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\Program Files\Toshiba\Windows Utilities\spDispatch.sys -- (SPCtl)
DRV - [2004/12/11 17:12:00 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\HWS_IoDispatch.sys -- (HWSCtrl)
DRV - [2004/12/11 08:24:28 | 000,006,144 | ---- | M] (TOAHIBA, ) [Kernel | System | Running] -- C:\Program Files\Toshiba\DualPointUtility\DualPointDev.sys -- (DualPointDev)
DRV - [2004/12/11 05:52:14 | 000,006,144 | ---- | M] (TOSHIBA ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TCtrlIO.sys -- (TCtrlIO)
DRV - [2004/12/10 17:00:44 | 000,006,144 | ---- | M] (TOSHIBA) [Kernel | System | Running] -- C:\Program Files\Toshiba\Accessibility\StickyMesger.sys -- (StickyMesger)
DRV - [2004/12/10 11:29:50 | 000,006,144 | ---- | M] (TOAHIBA, ) [Kernel | System | Running] -- C:\Program Files\Toshiba\E-KEY\EKECioCtl.sys -- (EKECioCtl)
DRV - [2004/11/26 10:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/17 13:30:00 | 000,147,840 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/29 21:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/28 17:37:50 | 001,270,572 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/27 16:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/03 14:02:40 | 000,095,616 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 19:34:08 | 000,048,512 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/08/03 10:13:06 | 000,049,070 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr)
DRV - [2004/07/30 02:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\Program Files\Toshiba\E-KEY\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 02:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\Program Files\Toshiba\E-KEY\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/16 03:24:34 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/07/09 12:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/06/16 14:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/06/15 15:15:00 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2004/06/04 06:45:22 | 000,057,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/05/18 10:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2004/05/07 09:35:10 | 000,018,308 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/04/20 07:02:50 | 000,062,959 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/12/08 06:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 06:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/12/01 09:54:36 | 000,090,496 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2003/12/01 09:53:22 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2003/12/01 09:53:06 | 000,009,984 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2003/10/22 23:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/10/06 03:29:08 | 000,007,424 | R--- | M] (Prolific Technology Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PLFF.sys -- (PLFF)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A E3 F8 B3 DC 06 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 21:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/29 23:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jamie Heinemann\Application Data\Mozilla\Extensions
[2011/04/29 21:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/30 02:24:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Bay Service] C:\Program Files\TOSHIBA\Bay Service\BaySrvis.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [DPED] C:\WINDOWS\System32\TDuPHook.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PLFFAP] C:\WINDOWS\system32\HotFixQ0306270.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Jamie Heinemann\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - File not found
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell - "" = AutoRun
O33 - MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 03:09:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
[2011/04/30 02:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Desktop\GooredFix Backups
[2011/04/30 01:45:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 01:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 01:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 01:44:50 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jamie Heinemann\Desktop\mbam-setup.exe
[2011/04/30 00:08:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/30 00:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\My Documents\Downloads
[2011/04/29 23:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Mozilla
[2011/04/29 21:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/28 18:26:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jamie Heinemann\Recent
[2011/04/28 18:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Malwarebytes
[2011/04/28 18:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/21 14:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/04/21 11:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Downloaded Installations
[2 C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp files -> C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
[2011/04/30 02:29:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/30 02:27:24 | 000,017,549 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/30 02:27:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 02:26:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 02:26:21 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 01:45:27 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 01:33:27 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jamie Heinemann\Desktop\mbam-setup.exe
[2011/04/30 01:32:46 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\eXplorer.exe
[2011/04/29 21:10:10 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 21:10:10 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/29 20:40:17 | 000,006,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/29 20:40:16 | 000,006,132 | -HS- | M] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/28 22:24:29 | 000,009,216 | -HS- | M] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
[2011/04/28 22:24:29 | 000,009,216 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
[2011/04/28 18:18:02 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/28 18:17:42 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011/04/28 18:17:42 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011/04/28 18:17:33 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2011/04/21 16:20:27 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/04/20 18:10:38 | 000,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 18:10:38 | 000,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/17 20:42:29 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 20:32:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/10 00:41:33 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\Microsoft Office Word 2003.lnk
[2011/04/09 17:45:10 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\default.pls
[2011/04/09 17:45:07 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp files -> C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 01:45:27 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 01:43:26 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\eXplorer.exe
[2011/04/29 21:10:10 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 21:10:10 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 21:10:10 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/29 20:39:18 | 000,006,132 | -HS- | C] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/29 20:39:18 | 000,006,132 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/28 22:23:27 | 000,009,216 | -HS- | C] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
[2011/04/28 22:23:27 | 000,009,216 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
[2011/04/28 22:09:23 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/28 18:17:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011/04/28 18:17:42 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011/04/28 18:17:20 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/11/09 10:10:08 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/10 22:58:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/05/06 01:52:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2007/02/22 14:45:31 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/02/14 18:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/08/30 18:08:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/02/23 06:37:53 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/01/25 13:06:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2006/01/25 13:06:51 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSQOLE.DLL
[2006/01/17 15:49:01 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Application Data\wklnhst.dat
[2005/09/20 16:22:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/09/08 22:27:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/08/30 17:27:23 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/30 18:53:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2005/07/24 17:09:28 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/23 20:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/23 03:24:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/06 11:40:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/06 11:30:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/06 11:30:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/06 11:30:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/06 11:30:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/06 11:30:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/06 11:30:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/06 11:26:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/06 11:26:31 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/06 11:26:28 | 000,001,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/07/06 11:26:28 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/02/05 15:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/01/08 16:50:56 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/08 16:42:01 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/08 15:42:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/08 15:27:59 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/08 15:27:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/08 15:27:59 | 000,010,167 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/08 15:27:59 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/08 15:25:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/08 15:25:34 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/08 03:04:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/08 02:59:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/08 02:52:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/08 02:51:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/08 01:30:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/08 01:27:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/08 01:27:43 | 000,385,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/08 01:27:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/08 01:27:43 | 000,054,682 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/08 01:27:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/08 01:27:41 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/08 01:27:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/08 01:27:38 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/08 01:27:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/08 01:27:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/08 01:27:21 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/08 01:27:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 18:46:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 18:45:02 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/29 18:09:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2004/12/25 22:11:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\TDuPHook.exe
[2004/12/15 01:23:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TEDApi.dll
[2004/12/14 10:40:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/04 11:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/07/21 12:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/18 05:54:18 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2004/06/18 05:47:48 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2004/06/18 05:11:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/01/16 09:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/07/30 10:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/05 04:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2006/03/15 13:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2007/01/18 14:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/01/29 09:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/01/25 13:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2005/01/08 16:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/21 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2006/01/01 16:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Datalayer
[2005/01/08 15:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\InterTrust
[2005/07/23 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\InterVideo
[2005/07/30 18:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Kensington
[2009/07/25 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Leadertech
[2007/06/09 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\MSNInstaller
[2006/01/01 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Nokia
[2006/01/25 13:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\PureEdge
[2007/10/25 22:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\SecondLife
[2006/01/17 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Template
[2005/11/30 05:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\toshiba
[2011/04/30 02:29:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there. I can see multiple problems, which may entail you uninstalling AVG at some stage. This initial fix may take a fair few minutes as I try to unhide all your files.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/04/29 20:40:17 | 000,006,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/29 20:40:16 | 000,006,132 | -HS- | M] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/28 22:24:29 | 000,009,216 | -HS- | M] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
    [2011/04/28 22:24:29 | 000,009,216 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
    [2011/04/28 18:17:42 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
    [2011/04/28 18:17:42 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260
    [2011/04/28 18:17:33 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19390260

    :Files
    attrib -H c:\*.* /s /d /c
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5
    C:\Documents and Settings\All Users\Application Data\m1dj00v761qom4ai5t3j52u8uojj8as03fy75t5

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

FINALLY


  • Run OTL
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

#3
KCTIM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks for the quick response. My start menu items are still not back. It shows the first layer of items, but when you go beyond that it says empty, i.e. Microsoft Office is showing there, but when you try to go one layer to the right, it shows empty instead of my software.

Here's the aswMBR.txt:

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-30 08:43:13
-----------------------------
08:43:13.296 OS Version: Windows 5.1.2600 Service Pack 3
08:43:13.296 Number of processors: 1 586 0xD08
08:43:13.296 ComputerName: MOBILEBEAST UserName:
08:43:14.531 Initialize success
08:43:31.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:43:31.671 Disk 0 Vendor: TOSHIBA_MK4026GAX PA100U Size: 38154MB BusType: 3
08:43:33.703 Disk 0 MBR read successfully
08:43:33.703 Disk 0 MBR scan
08:43:35.718 Disk 0 scanning sectors +78140160
08:43:35.718 Disk 0 scanning C:\WINDOWS\system32\drivers
08:43:45.765 Service scanning
08:43:46.968 Disk 0 trace - called modules:
08:43:47.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x872d11ed]<<
08:43:47.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872b4ab8]
08:43:47.031 3 CLASSPNP.SYS[f7543fd7] -> nt!IofCallDriver -> \Device\0000009b[0x872cdf18]
08:43:47.046 5 ACPI.sys[f749a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x872f1940]
08:43:47.062 \Driver\atapi[0x873438e8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x872d11ed
08:43:47.062 Scan finished successfully
08:44:00.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jamie Heinemann\Desktop\MBR.dat"
08:44:00.859 The log file has been saved successfully to "C:\Documents and Settings\Jamie Heinemann\Desktop\aswMBR.txt"
08:44:59.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jamie Heinemann\Desktop\MBR.dat"
08:44:59.703 The log file has been saved successfully to "C:\Documents and Settings\Jamie Heinemann\Desktop\aswMBR.txt"
Here's the OTL, it only opened one notepad after running:

OTL logfile created on: 4/30/2011 8:47:55 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jamie Heinemann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 346.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.29 Gb Total Space | 2.42 Gb Free Space | 7.06% Space Free | Partition Type: NTFS

Computer Name: MOBILEBEAST | User Name: Jamie Heinemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/01/24 16:51:28 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2004/12/25 22:11:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\TDuPHook.exe
PRC - [2004/12/15 20:07:30 | 000,110,592 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Toshiba\Bay Service\BaySrvis.exe
PRC - [2004/12/07 08:24:38 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
PRC - [2004/12/07 00:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/12/07 00:52:46 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJME.exe
PRC - [2004/11/29 12:10:22 | 000,667,648 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2004/11/11 10:37:28 | 000,090,112 | R--- | M] (Prolific Technology Inc.) -- C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
PRC - [2004/11/10 14:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/10/25 18:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/10/15 13:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 13:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 13:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/15 18:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/07/14 19:07:32 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2004/06/01 23:43:10 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2003/12/01 09:39:18 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2003/12/01 09:38:08 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
PRC - [2003/11/11 22:19:04 | 000,159,744 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe
PRC - [2003/09/05 06:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/08/05 02:43:04 | 000,045,056 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\HotFixQ0306270.exe
PRC - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
MOD - [2008/04/13 19:12:10 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wow32.dll
MOD - [2004/08/04 07:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tsappcmp.dll
MOD - [2003/12/01 09:38:50 | 000,110,592 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_dll.dll


========== Win32 Services (SafeList) ==========

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/11/10 14:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110428.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110428.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/29 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/29 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/20 07:33:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/01/08 16:52:16 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/15 17:22:08 | 000,010,240 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- C:\Program Files\Toshiba\Bay Service\DPortIO.sys -- (DritekPortIO)
DRV - [2004/12/14 05:29:28 | 000,016,128 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2004/12/11 17:12:00 | 000,006,144 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\Program Files\Toshiba\Windows Utilities\spDispatch.sys -- (SPCtl)
DRV - [2004/12/11 17:12:00 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\HWS_IoDispatch.sys -- (HWSCtrl)
DRV - [2004/12/11 08:24:28 | 000,006,144 | ---- | M] (TOAHIBA, ) [Kernel | System | Running] -- C:\Program Files\Toshiba\DualPointUtility\DualPointDev.sys -- (DualPointDev)
DRV - [2004/12/11 05:52:14 | 000,006,144 | ---- | M] (TOSHIBA ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TCtrlIO.sys -- (TCtrlIO)
DRV - [2004/12/10 17:00:44 | 000,006,144 | ---- | M] (TOSHIBA) [Kernel | System | Running] -- C:\Program Files\Toshiba\Accessibility\StickyMesger.sys -- (StickyMesger)
DRV - [2004/12/10 11:29:50 | 000,006,144 | ---- | M] (TOAHIBA, ) [Kernel | System | Running] -- C:\Program Files\Toshiba\E-KEY\EKECioCtl.sys -- (EKECioCtl)
DRV - [2004/11/26 10:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/17 13:30:00 | 000,147,840 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/29 21:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/28 17:37:50 | 001,270,572 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/27 16:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/03 14:02:40 | 000,095,616 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 19:34:08 | 000,048,512 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/08/03 10:13:06 | 000,049,070 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr)
DRV - [2004/07/30 02:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\Program Files\Toshiba\E-KEY\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 02:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\Program Files\Toshiba\E-KEY\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/16 03:24:34 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/07/09 12:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/06/16 14:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/06/15 15:15:00 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2004/06/04 06:45:22 | 000,057,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/05/18 10:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2004/05/07 09:35:10 | 000,018,308 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/04/20 07:02:50 | 000,062,959 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/12/08 06:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 06:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/12/01 09:54:36 | 000,090,496 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2003/12/01 09:53:22 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2003/12/01 09:53:06 | 000,009,984 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2003/10/22 23:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/10/06 03:29:08 | 000,007,424 | R--- | M] (Prolific Technology Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PLFF.sys -- (PLFF)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A E3 F8 B3 DC 06 CC 01 [binary data]
IE - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 21:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/29 23:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jamie Heinemann\Application Data\Mozilla\Extensions
[2011/04/29 21:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/30 08:36:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Bay Service] C:\Program Files\TOSHIBA\Bay Service\BaySrvis.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [DPED] C:\WINDOWS\System32\TDuPHook.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PLFFAP] C:\WINDOWS\system32\HotFixQ0306270.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Jamie Heinemann\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - File not found
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell - "" = AutoRun
O33 - MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 08:42:39 | 000,574,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jamie Heinemann\Desktop\aswMBR.exe
[2011/04/30 08:22:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 03:09:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
[2011/04/30 02:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Desktop\GooredFix Backups
[2011/04/30 01:45:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 01:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 01:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 01:44:50 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jamie Heinemann\Desktop\mbam-setup.exe
[2011/04/30 00:08:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/30 00:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\My Documents\Downloads
[2011/04/29 23:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Mozilla
[2011/04/29 21:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/28 18:26:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jamie Heinemann\Recent
[2011/04/28 18:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Malwarebytes
[2011/04/28 18:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/21 14:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/04/21 11:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Downloaded Installations
[2 C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp files -> C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 08:44:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\MBR.dat
[2011/04/30 08:44:25 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\default.pls
[2011/04/30 08:44:21 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/30 08:42:40 | 000,574,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jamie Heinemann\Desktop\aswMBR.exe
[2011/04/30 08:41:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/30 08:40:13 | 000,017,549 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/30 08:40:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 08:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 08:38:29 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 08:36:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe
[2011/04/30 01:45:27 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 01:33:27 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jamie Heinemann\Desktop\mbam-setup.exe
[2011/04/30 01:32:46 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\eXplorer.exe
[2011/04/29 21:10:10 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 21:10:10 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\Mozilla Firefox.lnk
[2011/04/28 18:18:02 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/21 16:20:27 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/04/20 18:10:38 | 000,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 18:10:38 | 000,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/17 20:42:29 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 20:32:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/10 00:41:33 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\Microsoft Office Word 2003.lnk
[2 C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp files -> C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 08:44:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\MBR.dat
[2011/04/30 01:45:27 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 01:43:26 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\eXplorer.exe
[2011/04/29 21:10:10 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 21:10:10 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 21:10:10 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Desktop\Mozilla Firefox.lnk
[2011/04/28 22:09:23 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/11/09 10:10:08 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/10 22:58:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/05/06 01:52:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2007/02/22 14:45:31 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/02/14 18:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/08/30 18:08:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/02/23 06:37:53 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/01/25 13:06:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2006/01/25 13:06:51 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSQOLE.DLL
[2006/01/17 15:49:01 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Application Data\wklnhst.dat
[2005/09/20 16:22:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/09/08 22:27:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/08/30 17:27:23 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/30 18:53:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2005/07/24 17:09:28 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/23 20:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/23 03:24:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/06 11:40:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/06 11:30:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/06 11:30:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/06 11:30:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/06 11:30:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/06 11:30:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/06 11:30:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/06 11:26:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/06 11:26:31 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/06 11:26:28 | 000,001,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/07/06 11:26:28 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/02/05 15:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/01/08 16:50:56 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/08 16:42:01 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/08 15:42:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/08 15:27:59 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/08 15:27:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/08 15:27:59 | 000,010,167 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/08 15:27:59 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/08 15:25:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/08 15:25:34 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/08 03:04:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/08 02:59:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/08 02:52:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/08 02:51:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/08 01:30:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/08 01:27:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/08 01:27:43 | 000,385,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/08 01:27:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/08 01:27:43 | 000,054,682 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/08 01:27:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/08 01:27:41 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/08 01:27:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/08 01:27:38 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/08 01:27:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/08 01:27:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/08 01:27:21 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/08 01:27:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 18:46:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 18:45:02 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/29 18:09:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2004/12/25 22:11:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\TDuPHook.exe
[2004/12/15 01:23:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TEDApi.dll
[2004/12/14 10:40:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/04 11:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/07/21 12:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/18 05:54:18 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2004/06/18 05:47:48 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2004/06/18 05:11:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/01/16 09:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 21:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/07/30 10:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/05 04:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2005/01/08 15:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/02/05 15:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2006/03/15 13:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2007/01/18 14:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/01/29 09:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/01/25 13:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2005/01/08 16:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/21 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2005/01/08 15:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/02/05 15:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/01/01 16:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Datalayer
[2005/01/08 15:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\InterTrust
[2005/07/23 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\InterVideo
[2005/07/30 18:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Kensington
[2009/07/25 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Leadertech
[2007/06/09 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\MSNInstaller
[2006/01/01 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Nokia
[2006/01/25 13:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\PureEdge
[2007/10/25 22:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\SecondLife
[2006/01/17 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\Template
[2005/11/30 05:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Heinemann\Application Data\toshiba
[2011/04/30 08:41:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/04/30 01:32:46 | 001,006,778 | ---- | M] () MD5=1429FFF7A09B103E43613273C24B7781 -- C:\Documents and Settings\Jamie Heinemann\Desktop\eXplorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< End of report >

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
There may be an attachment to your explorer, so we will check that out.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 KCTIM (Topic Starter, Member, 27 posts)
I'm trying to run the ComboFix right now on the infected PC, but it opens up what looks like a normal command prompt window, except the inside is a dark blue instead of black. The cmd prompt screen is blank except for the blinking text cursor in the top left and a C:\ Icon in the window title bar.

It doesn't appear to be running; when I try to close it, the system freezes up and I can't open or close anything.

Does ComboFix usually take a long time to run, or is it just not running right on my system?

#6 KCTIM (Topic Starter, Member, 27 posts)
I tried running ComboFix again and same thing. My Symantec Corporate is turned off, my Windows Defender is off. The blank blue command prompt window opens and just freezes and doesn't do anything else.

Here's the RogueKiller report; it also created an RK Quarantine folder on my desktop:

RogueKiller V5.0.0 [04/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jamie Heinemann [Admin rights]
Mode: Shortcuts HJfix -- Date : 04/30/2011 09:29:25

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 9 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 3 / Fail 0

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Nope, it is the malware stopping it, so let's use another programme. Have your files/folders returned?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select Start scan
Once it has finished, select Report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

#8 KCTIM (Topic Starter, Member, 27 posts)
It'll let me download the setup file for that one, and it'll let me install, but when I try to run it, it gives me the "encountered an error and needs to shut down, click here for error report" message.

My programs haven't returned to the start menu yet either; still just the titles, but empty beyond that.

#9 KCTIM (Topic Starter, Member, 27 posts)
My Windows automatic updates still won't enable either.

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Looks like we will have to work outside of Windows... Can you burn programmes to disc?

But first just give this a run; if it fails we will use the live CD version

Download Dr Web from here http://www.freedrweb.com/?lng=en (link on the top right of the page), tick the EULA and then download

It will download as an 8-digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy; just X the box closed
Once finished it will generate a log, please attach that



#11 KCTIM (Topic Starter, Member, 27 posts)
Ok, I was able to scan it in safe mode with the Dr. Web. It found one threat that it eradicated and cured a trojan. After the scan, when I tried to save the log, it froze up a little, but when I rebooted in normal mode, there was a Dr. Web Excel. Here's the log it saved:

Process in memory: C:\WINDOWS\Explorer.EXE:1116;;BackDoor.Tdss.565;Eradicated.;
volsnap.sys;C:\WINDOWS\system32\drivers;Trojan.Tdlbase.1;Cured.;




I've tried google in both Internet Explorer and Firefox and I haven't had any redirects yet so I think we're on to something. However, my programs in the start menu are still not showing up and my auto update is still disabled.
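The "< MD5 for: ... >" custom scan in the OTL log in the first post and the Dr.Web hit on C:\WINDOWS\system32\drivers\volsnap.sys above are two sides of the same check: the copy of a system file that Windows actually loads is compared with the copy in the Service Pack cache (C:\WINDOWS\ServicePackFiles\i386), because a driver patched in place by a TDSS/TDL-style infection can keep its size, timestamp and version strings while its hash changes. The script below is an added example, not part of this thread and not code from OTL or Dr.Web, that parses OTL's MD5 lines and reports (a) any copy with an empty publisher field and (b) any live copy whose MD5 differs from the cache copy. Assumptions: the line format is exactly the one OTL printed above, the ServicePackFiles\i386 copy is the trusted baseline, and the volsnap.sys pair in the sample is constructed with placeholder hashes, size and date (the posted log did not hash that driver).

```python
"""Added example (not from the thread, OTL or Dr.Web): check every copy OTL lists
under '< MD5 for: NAME >' against the Service Pack cache copy, and flag copies that
carry no publisher string."""
import re
from collections import defaultdict

# One OTL line: [date time | size | attrs | M] (Publisher) MD5=HASH -- PATH
OTL_MD5_LINE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| M\] \((?P<publisher>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumption: the SP3 file cache is the trusted baseline, and LIVE_DIRS are the
# places Windows actually loads the binary or driver from.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"
LIVE_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\",
             "c:\\windows\\system32\\drivers\\")

# Sample input: explorer/svchost/winlogon lines copied from the OTL log above, plus
# a CONSTRUCTED volsnap.sys pair (placeholder hashes, size and date) showing what a
# driver patched in place, as Dr.Web reported, looks like: same size, same timestamp,
# same publisher, different hash.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/04/30 01:32:46 | 001,006,778 | ---- | M] () MD5=1429FFF7A09B103E43613273C24B7781 -- C:\Documents and Settings\Jamie Heinemann\Desktop\eXplorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: VOLSNAP.SYS >   (constructed pair, placeholder values)
[2008/04/13 18:41:08 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 18:41:08 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\volsnap.sys
"""


def parse_otl_md5(text):
    """Return one dict per OTL MD5 line; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_MD5_LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"].replace(",", ""))
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()   # eXplorer.exe -> explorer.exe
        entries.append(e)
    return entries


def is_live(e):
    """True if this path is one Windows loads the file from (see LIVE_DIRS)."""
    return any(e["path"].lower() == d + e["name"] for d in LIVE_DIRS)


def is_reference(e):
    """True if this copy sits in the Service Pack cache used as the baseline."""
    return REFERENCE_DIR in e["path"].lower()


def find_anomalies(entries):
    """Return (path, reason) for every copy that deserves a second look."""
    findings = []
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    for name in sorted(by_name):
        group = by_name[name]
        reference_hashes = {e["md5"] for e in group if is_reference(e)}
        for e in group:
            if not e["publisher"]:
                findings.append((e["path"], "no publisher string in version info"))
            if is_live(e) and reference_hashes and e["md5"] not in reference_hashes:
                findings.append((e["path"], "live copy differs from ServicePackFiles copy"))
    return findings


if __name__ == "__main__":
    for path, reason in find_anomalies(parse_otl_md5(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

On the sample the only hits are the Desktop eXplorer.exe, which carries no publisher string, and the constructed volsnap.sys live copy; the real explorer, svchost and winlogon copies all match their cache copies, which is consistent with Dr.Web finding the rootkit in volsnap.sys rather than in those binaries. A hit on a live copy is a reason to compare it byte for byte with the cache copy, not proof of infection on its own, and a clean match proves little while the rootkit is running, since an active TDSS/TDL driver can serve the original bytes to user-mode readers; that is why the thread moves towards scanning from outside Windows.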

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I know what that one was now.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Could you now try ComboFix?

#13 KCTIM (Topic Starter, Member, 27 posts)
I'm doing the RogueKiller and ComboFix right now, but I think I spoke too soon. I tried using Internet Explorer and it kept forcing me to shut it down, so Mozilla only. I'll post the logs when completed.

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
No, we only killed part of it so far, I am afraid, but ComboFix should let me see the rest.

#15 KCTIM (Topic Starter, Member, 27 posts)
Ok, on the ComboFix it started running and got to the point where it downloads the Windows Extract tool. I clicked Yes to accept the license agreement and a window popped up with the title "Windows XP Professional SP2 CD Boot Floppies" and inside it said, "Extracting files failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted cabinet file."

How much hard drive space do I need to download the extracting? I do have a small hard drive, but still have like 4G available.