Malware (from fake adobe flashplayer update download) removal help nee


  • This topic is locked

#1
hilljamie94

Hello,

I recently tried to watch a video on a website; when I pressed play, a small screen popped up telling me that I needed to update my Adobe Flash Player. It looked like the proper update screen, so I saved the file and installed it onto my computer. I noticed during the installation that the file had no mention of "Adobe" in it and looked more like rfgtc.exe (or something similar, it may not have been .exe on the end). After the installation, the file disappeared from view, and from my downloads folder, and I started to hear a video playing (completely unrelated to the video I had tried to play previously). I couldn't find this video and it wasn't on any of my internet screens that were loaded. Then Internet Explorer would try to pop up (even though I use Firefox) with what looked like malware websites, and my Kaspersky (free version, it ran out a few months ago) tried to block both Internet Explorer and Firefox from starting up. I selected the option 'skip' so I could access my internet (though a few times before I did press the 'terminate process' option).

I tried to scan my computer with Kaspersky, but it was taking too long, so I rebooted my computer and entered safe mode. I used System Restore and everything seemed to be okay. However, after a while my Kaspersky tried to block my internet again, and I kept hearing clicks, the sort of clicks that you can hear if you press to use something on the internet. Then when I tried to access my Tumblr account, I typed Tumblr into Google and pressed on the link that appeared and it redirected me to some other website (what I can again suspect was malware or adware). Not all links did the same, and sometimes if I typed a specific web address into the address bar, it would go straight to the intended website.

I came onto this website looking for help and I followed the steps described here on this thread: http://www.geekstogo...ogle-redirects/

However, I skipped the first step (as somewhere a reply stated that the first step wasn't necessary, as it was back up) and on step 2 I couldn't find the 'clipboard', so I didn't copy and paste anything into a clipboard. However, I followed all the other steps completely, but they found no trace of malware or a virus or whatever. So I'm at a bit of a loss as to what to do. I'll include any extra notes at the bottom on what I think may be helpful to you to figure out what's wrong, and I'll also include my OTL log.

Notes:

Whenever Kaspersky tries to block the internet from working, it refers to a file/process with "WINDOWS.EXPLORER" (or something similar) in the title.

OTL Log:

OTL logfile created on: 30/04/2011 12:12:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\blake owen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 336.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 900 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.68 Gb Free Space | 44.17% Space Free | Partition Type: NTFS

Computer Name: JAMIE | User Name: blake owen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
PRC - [2011/04/29 18:35:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/12/09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/02/23 19:22:09 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/04/12 16:31:20 | 000,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/12/21 13:52:56 | 001,077,330 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/12/20 12:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/06/26 16:53:26 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/02/23 19:22:09 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2005/12/20 12:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 21:40:18 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/05/12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/08/12 14:45:04 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/12 14:45:03 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/09/02 09:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/03/14 10:57:56 | 000,449,024 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 19:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/05/23 11:59:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/25 09:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/25 01:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/04/25 01:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2006/04/18 15:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/18 00:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/23 17:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/23 17:59:32 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/03/23 17:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/18 15:36:42 | 001,155,584 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 16:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/12/05 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/11/16 00:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 18:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 18:36:17 | 000,000,000 | ---D | M]

[2010/02/17 01:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Extensions
[2011/04/29 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions
[2010/02/17 02:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 19:09:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/29 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 16:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/29 21:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 11:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 16:43:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 17:15:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/01/10 16:29:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 14:52:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 14:52:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 14:52:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 14:52:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/30 11:19:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKCU..\Run: [ares] File not found
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\blake owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\blake owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/23 08:39:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 12:10:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
[2011/04/30 11:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Desktop\tdsskiller
[2011/04/30 11:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Desktop\GooredFix Backups
[2011/04/30 11:19:34 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/30 11:16:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\blake owen\Desktop\GooredFix.exe
[2011/04/30 11:15:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTM.exe
[2011/04/29 17:31:29 | 000,136,704 | ---- | C] (videosoft) -- C:\WINDOWS\Mnyjaa.exe
[2011/04/29 15:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2011/04/29 15:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Start Menu\Programs\Essentials Codec Pack
[2011/04/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Local Settings\Application Data\Trusteer
[2011/04/18 09:19:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\blake owen\Recent
[2011/04/08 10:17:38 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 12:16:29 | 000,722,208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/04/30 12:13:08 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
[2011/04/30 12:03:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/30 11:44:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 11:39:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/30 11:36:16 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 11:36:10 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/30 11:36:08 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Ztfe.job
[2011/04/30 11:35:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 11:35:38 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 11:34:30 | 001,040,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/04/30 11:34:30 | 000,093,188 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/04/30 11:19:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/30 11:16:52 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\tdsskiller.zip
[2011/04/30 11:16:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\blake owen\Desktop\GooredFix.exe
[2011/04/30 11:15:44 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTM.exe
[2011/04/30 08:17:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/04/29 17:31:18 | 000,136,704 | ---- | M] (videosoft) -- C:\WINDOWS\Mnyjaa.exe
[2011/04/29 17:31:18 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\dosxp.dll
[2011/04/29 16:53:29 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 15:49:36 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\Media Player Classic.lnk
[2011/04/26 10:31:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/15 10:44:05 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:17:21 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 03:17:21 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/07 15:21:14 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\Microsoft Office Word 2007.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 11:16:49 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\tdsskiller.zip
[2011/04/29 18:30:25 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/29 17:31:54 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/29 17:31:38 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 17:31:22 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/29 17:31:18 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\dosxp.dll
[2011/04/29 17:31:18 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Ztfe.job
[2011/04/29 15:49:53 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/04/29 15:49:36 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\Media Player Classic.lnk
[2011/03/14 00:08:16 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/01/06 20:31:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/01/06 20:31:25 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/09/14 01:46:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2010/07/19 00:54:08 | 000,157,452 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/07/19 00:54:07 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/03/05 01:21:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/17 01:43:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/29 16:50:12 | 000,000,180 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2010/01/24 17:40:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/11/15 18:07:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPS.ini
[2009/08/12 14:22:56 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/12 14:22:56 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/12 14:21:55 | 001,040,416 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/12 14:21:55 | 000,390,688 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/12 12:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regclear.INI
[2009/08/12 12:40:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\BTW.INI
[2009/02/20 18:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/02/04 18:27:44 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\blake owen\Application Data\wklnhst.dat
[2008/09/10 17:26:52 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\fusioncache.dat
[2008/09/10 16:24:37 | 000,000,392 | ---- | C] () -- C:\WINDOWS\WebEye.ini
[2008/09/10 16:21:04 | 000,032,345 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2008/02/25 18:03:04 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/11/12 20:19:00 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/19 12:58:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/08/19 12:58:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/06/26 16:52:48 | 000,022,457 | ---- | C] () -- C:\WINDOWS\System32\drivers\klop.dat
[2007/01/31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2007/01/19 18:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2007/01/15 17:14:33 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/15 17:14:33 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/01/15 17:14:33 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/01/15 17:14:33 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/15 17:14:33 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/15 17:14:33 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/15 17:14:33 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/15 17:14:33 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/15 17:14:33 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/15 17:14:33 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/01/15 17:14:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/15 17:14:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/15 17:14:33 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/15 17:14:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/15 17:14:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/15 17:14:33 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/01/15 17:14:33 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/01/15 17:14:33 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/15 17:14:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/15 17:08:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4000DEFGIPS.ini
[2006/05/24 06:47:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/23 12:34:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/23 12:27:49 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/23 12:27:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/23 11:56:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/23 11:42:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/23 11:41:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/23 11:41:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/23 11:41:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/23 11:41:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/23 11:41:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/23 11:41:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/23 09:38:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/23 09:35:33 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/05/23 09:32:19 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/23 09:32:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/23 09:32:19 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/23 09:32:19 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/23 09:32:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/23 09:31:25 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/23 09:27:51 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/05/23 09:19:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/05/23 09:19:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/05/23 09:19:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2006/05/23 09:19:17 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/23 09:19:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/23 08:42:41 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/23 08:41:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/23 08:37:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/23 07:26:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006/05/23 07:26:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/05/23 07:26:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/23 07:26:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/23 07:26:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/23 07:26:07 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/23 07:26:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/23 07:26:07 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/23 07:26:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/23 07:26:07 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/23 07:26:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/23 07:26:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/23 07:26:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/23 07:26:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/23 07:25:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/05 18:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 17:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006/01/04 10:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/09 14:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2002/05/28 02:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2001/06/24 10:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[1999/03/23 14:46:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/03/22 02:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/28 20:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/08 03:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/02/08 20:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/01 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/03/10 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/07/01 09:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/25 14:53:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/12/25 14:52:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C472ACE4-B620-4236-9212-2822A5A9355F}
[2011/04/23 14:02:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2009/02/08 20:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\DriverCure
[2006/12/26 08:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\InterVideo
[2008/06/01 10:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Leadertech
[2007/04/06 07:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\MSNInstaller
[2009/12/22 02:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Teleca
[2008/11/16 19:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\temp
[2009/04/01 18:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Template
[2006/06/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\toshiba
[2010/03/10 14:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Trusteer
[2011/04/30 08:17:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job
[2011/04/30 11:36:08 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztfe.job
[2011/04/30 11:39:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/30 12:03:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/30 11:36:10 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



< End of report >

OTL extras logfile:

OTL Extras logfile created on: 30/04/2011 12:12:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\blake owen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 336.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 900 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.68 Gb Free Space | 44.17% Space Free | Partition Type: NTFS

Computer Name: JAMIE | User Name: blake owen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab)
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe" = C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Disabled:Football Manager 2009
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Documents and Settings\blake owen\Local Settings\Temp\Update_16a2.exe" = C:\Documents and Settings\blake owen\Local Settings\Temp\Update_16a2.exe:*:Enabled:InstallCore™


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Kaspersky Anti-Virus 7.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4FADE58A-52F8-4FB5-A864-508385F5454C}" = PC VGA Camera
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58899526-5DD9-4AC2-9BC8-0BEB0DA9D461}" = ConnectGoUpdate31g
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner (remove only)
"Creative Centrale" = Creative Centrale
"DivX Setup.divx.com" = DivX Setup
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallWIX_{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Kaspersky Anti-Virus 7.0
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"Rapport_msi" = Rapport
"Shop for HP Supplies" = Shop for HP Supplies
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENMozaicEZUG" = Creative ZEN Mozaic EZ Series Documentation

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/10/2010 17:37:21 | Computer Name = JAMIE | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

Error - 24/10/2010 18:31:10 | Computer Name = JAMIE | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/10/2010 18:31:10 | Computer Name = JAMIE | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/10/2010 18:31:30 | Computer Name = JAMIE | Source = Application Hang | ID = 1001
Description = Fault bucket 1420879796.

Error - 24/10/2010 18:31:31 | Computer Name = JAMIE | Source = Application Hang | ID = 1001
Description = Fault bucket 1420879796.

Error - 25/10/2010 21:17:32 | Computer Name = JAMIE | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/10/2010 21:17:49 | Computer Name = JAMIE | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

Error - 26/10/2010 12:41:11 | Computer Name = JAMIE | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ole32.dll, version 5.1.2600.6010, fault address 0x0001d7ce.

Error - 30/11/2010 10:12:55 | Computer Name = JAMIE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/12/2010 21:34:51 | Computer Name = JAMIE | Source = ESENT | ID = 490
Description = wlcomm (616) An attempt to open the file "C:\Documents and Settings\blake
owen\Local Settings\Application Data\Microsoft\Windows Live Contacts\{eb420908-0b59-4c74-939b-e695becbc2a6}\DBStore\contacts.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 30/04/2011 06:19:37 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/04/2011 06:19:37 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The ConfigFree Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/04/2011 06:19:37 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The CT Device Query service service terminated unexpectedly. It has
done this 1 time(s).

Error - 30/04/2011 06:19:37 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/04/2011 06:19:37 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 30/04/2011 06:19:39 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 30/04/2011 06:19:39 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/04/2011 06:19:41 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 30/04/2011 06:36:54 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%2

Error - 30/04/2011 06:37:34 | Computer Name = JAMIE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >


Thank you to whoever reads and helps with this post, I'm sorry I couldn't be any clearer on the issue. Thank you for your time.

#2
Essexboy

    GeekU Moderator
  • 63,820 posts
Hi, let's see if we can get you sorted. On completion of this run, can you let me know what problems you still have?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O4 - HKCU..\Run: [ares] File not found
    O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
    O4 - HKCU..\Run: [msnmsgr] File not found
    [2011/04/29 17:31:29 | 000,136,704 | ---- | C] (videosoft) -- C:\WINDOWS\Mnyjaa.exe
    [2011/04/29 15:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
    [2011/04/29 15:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Start Menu\Programs\Essentials Codec Pack
    [2011/04/30 12:03:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/04/30 11:39:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/04/30 11:36:10 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/04/30 11:36:08 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Ztfe.job
    [2011/04/30 08:17:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
    [2011/04/29 17:31:18 | 000,136,704 | ---- | M] (videosoft) -- C:\WINDOWS\Mnyjaa.exe
    [2011/04/29 17:31:18 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\dosxp.dll
    [2011/04/29 15:49:36 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\Media Player Classic.lnk
    [2011/04/23 14:02:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

FINALLY

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
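The file lines in the fix above use OTL's fixed listing layout (`[timestamp | size | attributes | C/M] (company) -- path`). The following Python is an added example, not part of the original post and not OTL's or the helper's own logic: it parses that layout, flags entries by attribute, name and location, and then pivots on timestamps to surface files touched at the same moment as a flagged one. The flagging rules, the 60-second window and the names `parse_entry`, `direct_reasons` and `triage` are assumptions of the example; the sample lines are copied from the logs on this page.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Layout of an OTL file-listing line as it appears in the logs on this page:
#   [timestamp | size | RHSD attributes | C or M] (company) -- path
# C = created, M = modified; directory lines omit the "(company)" field.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>\d[\d,]*) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: frozenset          # subset of {"R", "H", "S", "D"}
    kind: str                 # "C" or "M"
    company: Optional[str]    # None when the line has no company field
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=frozenset(m["attrs"].replace("-", "")),
        kind=m["kind"],
        company=m["company"],
        path=m["path"].strip(),
    )


def direct_reasons(e: Entry) -> list:
    """Heuristics assumed for this example (not OTL's own logic)."""
    reasons = []
    folder = ntpath.dirname(e.path).lower()
    stem, ext = ntpath.splitext(ntpath.basename(e.path))
    ext = ext.lower()
    if ext == ".job" and folder == r"c:\windows\tasks":
        if e.attrs & {"H", "S"}:
            reasons.append("hidden or system scheduled task")
        if GUID_RE.match(stem):
            reasons.append("GUID-named scheduled task")
    if "D" not in e.attrs and ext in {".exe", ".dll"} and folder in SYSTEM_DIRS:
        if not e.company:
            reasons.append("no company name in a system directory")
        if {"H", "S"} <= e.attrs:
            reasons.append("hidden and system binary")
    return reasons


def triage(lines, window_seconds: int = 60) -> dict:
    """Map (kind, path) -> reasons. Unflagged entries whose timestamp lies
    within the window of a directly flagged entry are added as pivot hits."""
    entries = [e for e in map(parse_entry, lines) if e is not None]
    report = {(e.kind, e.path): direct_reasons(e) for e in entries}
    anchors = [e.when for e in entries if report[(e.kind, e.path)]]
    for e in entries:
        key = (e.kind, e.path)
        if report[key]:
            continue
        if any(abs((e.when - a).total_seconds()) <= window_seconds for a in anchors):
            report[key] = [f"touched within {window_seconds}s of a flagged entry"]
    return {k: v for k, v in report.items() if v}


# Sample input: lines copied from the logs on this page (one registry line,
# which the parser must skip, and seven file-listing lines).
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [ares] File not found
[2011/04/29 17:31:29 | 000,136,704 | ---- | C] (videosoft) -- C:\WINDOWS\Mnyjaa.exe
[2011/04/29 15:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2011/04/30 12:03:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/30 11:36:08 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Ztfe.job
[2011/04/30 08:17:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/04/29 17:31:18 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\dosxp.dll
[2011/04/26 10:31:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
""".strip().splitlines()

if __name__ == "__main__":
    for (kind, path), reasons in triage(SAMPLE_LOG).items():
        print(f"{kind} {path}: {'; '.join(reasons)}")
```

Entries that these rules leave unflagged, such as a visible task with an ordinary-looking name, still need the manual review a helper gives the full log.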

#3
hilljamie94

    Member
  • 10 posts
Hello,

Thank you for replying so soon. Here is the log that appeared automatically after my laptop rebooted:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GHWAUC6NNZ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
C:\WINDOWS\Mnyjaa.exe moved successfully.
C:\Program Files\Essentials Codec Pack\MPC folder moved successfully.
C:\Program Files\Essentials Codec Pack\Haali folder moved successfully.
C:\Program Files\Essentials Codec Pack\FFDShow\languages folder moved successfully.
C:\Program Files\Essentials Codec Pack\FFDShow\custom matrices folder moved successfully.
C:\Program Files\Essentials Codec Pack\FFDShow folder moved successfully.
C:\Program Files\Essentials Codec Pack folder moved successfully.
C:\Documents and Settings\blake owen\Start Menu\Programs\Essentials Codec Pack folder moved successfully.
C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\WINDOWS\tasks\Ztfe.job moved successfully.
C:\WINDOWS\tasks\Windows Codec Update Service.job moved successfully.
File C:\WINDOWS\Mnyjaa.exe not found.
C:\WINDOWS\system32\dosxp.dll moved successfully.
C:\Documents and Settings\blake owen\Desktop\Media Player Classic.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~0 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\blake owen\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\blake owen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: blake owen
->Temp folder emptied: 3340 bytes
->Temporary Internet Files folder emptied: 22922701 bytes
->Java cache emptied: 14620 bytes
->FireFox cache emptied: 289347572 bytes
->Flash cache emptied: 2406 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: Intel

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 13196279 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TEMP
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 41 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1871641 bytes
%systemroot%\System32 .tmp files removed: 3709969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 283493261 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104174560 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 686.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: blake owen
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Intel

User: LocalService

User: NetworkService

User: TEMP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04302011_155009

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Here is the log after I ran a quick scan on OTL:

OTL logfile created on: 30/04/2011 16:02:39 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\blake owen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 387.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 900 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 25.11 Gb Free Space | 44.92% Space Free | Partition Type: NTFS

Computer Name: JAMIE | User Name: blake owen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
PRC - [2011/04/29 18:35:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/12/09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/02/23 19:22:09 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/04/12 16:31:20 | 000,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/12/21 13:52:56 | 001,077,330 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/12/20 12:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/06/26 16:53:26 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/02/23 19:22:09 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2005/12/20 12:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 21:40:18 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/05/12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/08/12 14:45:04 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/12 14:45:03 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/09/02 09:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/03/14 10:57:56 | 000,449,024 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 19:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/05/23 11:59:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/25 09:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/25 01:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/04/25 01:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2006/04/18 15:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/18 00:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/23 17:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/23 17:59:32 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/03/23 17:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/18 15:36:42 | 001,155,584 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 16:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/12/05 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/11/16 00:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 18:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 18:36:17 | 000,000,000 | ---D | M]

[2010/02/17 01:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Extensions
[2011/04/29 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions
[2010/02/17 02:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 19:09:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/29 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 16:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/29 21:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 11:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 16:43:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 17:15:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/01/10 16:29:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 14:52:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 14:52:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 14:52:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 14:52:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/30 15:50:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\blake owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\blake owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/23 08:39:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 16:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 16:05:08 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\blake owen\Desktop\mbam-setup.exe
[2011/04/30 15:50:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 12:10:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
[2011/04/30 11:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Desktop\tdsskiller
[2011/04/30 11:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Desktop\GooredFix Backups
[2011/04/30 11:19:34 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/30 11:16:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\blake owen\Desktop\GooredFix.exe
[2011/04/30 11:15:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTM.exe
[2011/04/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Local Settings\Application Data\Trusteer
[2011/04/18 09:19:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\blake owen\Recent
[2011/04/08 10:17:38 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2011/04/30 16:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 16:06:41 | 000,222,240 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/04/30 16:06:17 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/04/30 16:05:25 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\blake owen\Desktop\mbam-setup.exe
[2011/04/30 15:54:36 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 15:54:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 15:54:13 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 15:53:04 | 001,040,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/04/30 15:53:04 | 000,093,380 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/04/30 15:50:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/30 15:44:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
[2011/04/30 11:16:52 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\tdsskiller.zip
[2011/04/30 11:16:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\blake owen\Desktop\GooredFix.exe
[2011/04/30 11:15:44 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTM.exe
[2011/04/29 16:53:29 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 10:31:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/15 10:44:05 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:17:21 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 03:17:21 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/07 15:21:14 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2011/04/30 11:16:49 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\tdsskiller.zip
[2011/04/29 18:30:25 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/14 00:08:16 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/01/06 20:31:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/01/06 20:31:25 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/09/14 01:46:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2010/07/19 00:54:08 | 000,157,452 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/07/19 00:54:07 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/03/05 01:21:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/17 01:43:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/29 16:50:12 | 000,000,180 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2010/01/24 17:40:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/11/15 18:07:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPS.ini
[2009/08/12 14:22:56 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/12 14:22:56 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/12 14:21:55 | 001,040,416 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/12 14:21:55 | 000,396,064 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/12 12:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regclear.INI
[2009/08/12 12:40:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\BTW.INI
[2009/02/20 18:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/02/04 18:27:44 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\blake owen\Application Data\wklnhst.dat
[2008/09/10 17:26:52 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\fusioncache.dat
[2008/09/10 16:24:37 | 000,000,392 | ---- | C] () -- C:\WINDOWS\WebEye.ini
[2008/09/10 16:21:04 | 000,032,345 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2008/02/25 18:03:04 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/11/12 20:19:00 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/19 12:58:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/08/19 12:58:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/06/26 16:52:48 | 000,022,457 | ---- | C] () -- C:\WINDOWS\System32\drivers\klop.dat
[2007/01/31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2007/01/19 18:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2007/01/15 17:14:33 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/15 17:14:33 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/01/15 17:14:33 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/01/15 17:14:33 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/15 17:14:33 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/15 17:14:33 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/15 17:14:33 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/15 17:14:33 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/15 17:14:33 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/15 17:14:33 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/01/15 17:14:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/15 17:14:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/15 17:14:33 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/15 17:14:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/15 17:14:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/15 17:14:33 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/01/15 17:14:33 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/01/15 17:14:33 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/15 17:14:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/15 17:08:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4000DEFGIPS.ini
[2006/05/24 06:47:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/23 12:34:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/23 12:27:49 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/23 12:27:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/23 11:56:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/23 11:42:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/23 11:41:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/23 11:41:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/23 11:41:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/23 11:41:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/23 11:41:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/23 11:41:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/23 09:38:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/23 09:35:33 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/05/23 09:32:19 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/23 09:32:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/23 09:32:19 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/23 09:32:19 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/23 09:32:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/23 09:31:25 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/23 09:27:51 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/05/23 09:19:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/05/23 09:19:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/05/23 09:19:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2006/05/23 09:19:17 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/23 09:19:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/23 08:42:41 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/23 08:41:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/23 08:37:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/23 07:26:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006/05/23 07:26:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/05/23 07:26:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/23 07:26:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/23 07:26:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/23 07:26:07 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/23 07:26:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/23 07:26:07 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/23 07:26:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/23 07:26:07 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/23 07:26:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/23 07:26:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/23 07:26:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/23 07:26:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/23 07:25:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/05 18:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 17:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006/01/04 10:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/09 14:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2002/05/28 02:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2001/06/24 10:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[1999/03/23 14:46:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/03/22 02:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/28 20:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/08 03:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/02/08 20:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/01 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/03/10 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/07/01 09:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/25 14:53:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/12/25 14:52:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C472ACE4-B620-4236-9212-2822A5A9355F}
[2009/02/08 20:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\DriverCure
[2006/12/26 08:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\InterVideo
[2008/06/01 10:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Leadertech
[2007/04/06 07:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\MSNInstaller
[2009/12/22 02:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Teleca
[2008/11/16 19:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\temp
[2009/04/01 18:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Template
[2006/06/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\toshiba
[2010/03/10 14:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Trusteer

========== Purity Check ==========



< End of report >




Here is the Mbam log after the scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6478

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/04/2011 16:19:54
mbam-log-2011-04-30 (16-19-54).txt

Scan type: Quick scan
Objects scanned: 161093
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\blake owen\my documents\downloads\aressetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\blake owen\my documents\downloads\aressetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.




Here is the aswMBR log:

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-30 16:29:59
-----------------------------
16:29:59.734 OS Version: Windows 5.1.2600 Service Pack 3
16:29:59.734 Number of processors: 2 586 0xE08
16:29:59.734 ComputerName: JAMIE UserName:
16:30:25.421 Initialize success
16:30:28.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:30:28.890 Disk 0 Vendor: HTS541060G9SA00 MB3OC60R Size: 57231MB BusType: 3
16:30:31.109 Disk 0 MBR read successfully
16:30:31.109 Disk 0 MBR scan
16:30:33.125 Disk 0 scanning sectors +117210240
16:30:33.312 Disk 0 scanning C:\WINDOWS\system32\drivers
16:30:44.468 Service scanning
16:30:48.546 Disk 0 trace - called modules:
16:30:48.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:30:48.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873531f0]
16:30:48.593 3 CLASSPNP.SYS[f777cfd7] -> nt!IofCallDriver -> \Device\00000080[0x87352510]
16:30:48.593 5 ACPI.sys[f76c3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87326940]
16:30:48.593 Scan finished successfully
16:31:04.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\blake owen\Desktop\MBR.dat"
16:31:04.203 The log file has been saved successfully to "C:\Documents and Settings\blake owen\Desktop\aswMBR.txt"




Thank you for your assistance so far. After my laptop rebooted after the Malwarebytes' Anti Malware scan, my Kaspersky still tried to block the internet from running, so I think something may still be wrong.

I hope you can figure out everything! Thank you again.

Edited by hilljamie94, 30 April 2011 - 09:41 AM.

#4
Essexboy

  • GeekU Moderator
  • 63,820 posts
You missed the ASWmbr log - could you post that please - it should be on the desktop

#5
Essexboy

  • GeekU Moderator
  • 63,820 posts
Oops, I see you added it

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
hilljamie94

  • Member
  • 10 posts
Thank you, I'm going out for a while so I'll probably not be able to post till tomorrow. If I can then I'll complete your recommended actions later on tonight.

#7
Essexboy

  • GeekU Moderator
  • 63,820 posts
Time is not a problem :)

#8
hilljamie94

  • Member
  • 10 posts
I tried using Combofix three times. The first two times it wouldn't save automatically to my desktop (and my computer gave me no option to change it) so I had to move it there manually after it saved to my download file. And both times my whole computer just seemed to crash whilst the scan was running (I left the first scan to complete overnight). So they didn't work out. When I finally learnt how to change where it saves to, I saved it straight to my desktop and tried to scan for the third time but it was still taking forever and hadn't even begun stage 1 (I read the combofix manual online for help).

So shall I try running it again overnight tonight? I'm really worried now that my laptop is that rubbish it won't even allow this scan to happen properly haha. I'm sorry that both me and my laptop are being awkward, I hope this whole thing gets resolved soon!

#9
Essexboy

  • GeekU Moderator
  • 63,820 posts
OK, let's run an AV from safe mode and see if we can get that to run

Download Dr Web from here http://www.freedrweb.com/?lng=en (link on the top right of the page), tick the EULA and then download

It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

#10
hilljamie94

  • Member
  • 10 posts
I did what you said and ran the Dr web on safe mode. It found nothing, but said something about the 'host' being changed? and it asked me if I wanted to restore it back to its original state (it advised to do so) so I selected yes. However, there was no log generated after the scan. I must note that for the past 24 hours my google has stopped being redirected elsewhere, but whenever my Kaspersky is activated it tries to block my internet browser from starting up.

I'll happily try the dr web scan again tomorrow, and for tonight I'll try the combofix scan again and leave it on overnight.

#11
Essexboy

  • GeekU Moderator
  • 63,820 posts
Yes retry Combofix, if it fails could you run a fresh OTL please but this time use this script

  • Run OTL
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the resultant log

#12
hilljamie94

  • Member
  • 10 posts
I ran Dr web again and Combofix but Dr web failed to give me a log again and Combofix just crashed my laptop once more. I've run the OTL with that script and here's the log:

OTL logfile created on: 02/05/2011 20:38:54 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\blake owen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 900 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.55 Gb Free Space | 43.92% Space Free | Partition Type: NTFS

Computer Name: JAMIE | User Name: blake owen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
PRC - [2011/04/29 18:35:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/12/09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/02/23 19:22:09 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/04/12 16:31:20 | 000,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/12/21 13:52:56 | 001,077,330 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/12/20 12:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/06/26 16:53:26 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/02/23 19:22:09 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2005/12/20 12:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 13:38:25 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/05/12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/08/12 14:45:04 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/12 14:45:03 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/09/02 09:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/03/14 10:57:56 | 000,449,024 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 19:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/05/23 11:59:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/25 09:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/25 01:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/04/25 01:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2006/04/18 15:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/18 00:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/23 17:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/23 17:59:32 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/03/23 17:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/18 15:36:42 | 001,155,584 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 16:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/12/05 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/11/16 00:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 18:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 18:36:17 | 000,000,000 | ---D | M]

[2010/02/17 01:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Extensions
[2011/05/02 16:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions
[2010/02/17 02:44:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 19:09:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\blake owen\Application Data\Mozilla\Firefox\Profiles\v9zc86vd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/01 16:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 16:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/29 21:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 11:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 16:43:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 17:15:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/01/10 16:29:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 14:52:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 14:52:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 14:52:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 14:52:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/02 03:11:06 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1846288401-4276234734-4138864716-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\blake owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\blake owen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/23 08:39:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 03:36:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/02 02:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\DoctorWeb
[2011/05/01 02:33:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/01 02:31:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 02:31:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 02:31:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 02:31:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 02:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/01 02:29:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 16:29:33 | 000,574,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\blake owen\Desktop\aswMBR.exe
[2011/04/30 16:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Application Data\Malwarebytes
[2011/04/30 16:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 16:07:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/30 16:06:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/30 16:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 16:05:08 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\blake owen\Desktop\mbam-setup.exe
[2011/04/30 15:50:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 12:10:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
[2011/04/30 11:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Desktop\tdsskiller
[2011/04/30 11:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Desktop\GooredFix Backups
[2011/04/30 11:19:34 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/30 11:16:10 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\blake owen\Desktop\GooredFix.exe
[2011/04/30 11:15:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTM.exe
[2011/04/21 18:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blake owen\Local Settings\Application Data\Trusteer
[2011/04/18 09:19:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\blake owen\Recent
[2011/04/08 10:17:38 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2011/05/02 20:44:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 20:42:30 | 000,043,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/05/02 20:41:45 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/05/02 19:44:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 16:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/02 16:04:07 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 03:35:32 | 004,334,470 | R--- | M] () -- C:\Documents and Settings\blake owen\Desktop\ComboFix.exe
[2011/05/02 03:11:06 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/02 01:57:23 | 001,040,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/05/02 01:57:23 | 000,094,268 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/05/02 01:55:58 | 061,066,584 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\da6xkgrq.exe
[2011/05/01 02:34:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 16:31:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\MBR.dat
[2011/04/30 16:29:35 | 000,574,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\blake owen\Desktop\aswMBR.exe
[2011/04/30 16:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 16:05:25 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\blake owen\Desktop\mbam-setup.exe
[2011/04/30 12:10:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTL.exe
[2011/04/30 11:16:52 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\tdsskiller.zip
[2011/04/30 11:16:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\blake owen\Desktop\GooredFix.exe
[2011/04/30 11:15:44 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\blake owen\Desktop\OTM.exe
[2011/04/29 16:53:29 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 10:31:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/15 10:44:05 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:17:21 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 03:17:21 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/07 15:21:14 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\blake owen\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2011/05/02 16:04:07 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/02 01:49:56 | 061,066,584 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\da6xkgrq.exe
[2011/05/01 12:48:49 | 004,334,470 | R--- | C] () -- C:\Documents and Settings\blake owen\Desktop\ComboFix.exe
[2011/05/01 02:34:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/01 02:34:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/01 02:31:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 02:31:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 02:31:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 02:31:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 02:31:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 16:31:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\MBR.dat
[2011/04/30 16:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 11:16:49 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\blake owen\Desktop\tdsskiller.zip
[2011/03/14 00:08:16 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/01/06 20:31:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/01/06 20:31:25 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/09/14 01:46:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2010/07/19 00:54:08 | 000,157,452 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2010/07/19 00:54:07 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2010/03/05 01:21:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/17 01:43:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/29 16:50:12 | 000,000,180 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2010/01/24 17:40:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/11/15 18:07:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPS.ini
[2009/08/12 14:22:56 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/12 14:22:56 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/12 14:21:55 | 001,040,416 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/12 14:21:55 | 000,037,664 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/12 12:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regclear.INI
[2009/08/12 12:40:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\BTW.INI
[2009/02/20 18:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/02/04 18:27:44 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\blake owen\Application Data\wklnhst.dat
[2008/09/10 17:26:52 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\fusioncache.dat
[2008/09/10 16:24:37 | 000,000,392 | ---- | C] () -- C:\WINDOWS\WebEye.ini
[2008/09/10 16:21:04 | 000,032,345 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2008/02/25 18:03:04 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/11/12 20:19:00 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\blake owen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/19 12:58:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/08/19 12:58:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/06/26 16:52:48 | 000,022,457 | ---- | C] () -- C:\WINDOWS\System32\drivers\klop.dat
[2007/01/31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2007/01/19 18:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2007/01/15 17:14:33 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/01/15 17:14:33 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/01/15 17:14:33 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/01/15 17:14:33 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/01/15 17:14:33 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/01/15 17:14:33 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/01/15 17:14:33 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/01/15 17:14:33 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/01/15 17:14:33 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/01/15 17:14:33 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/01/15 17:14:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/01/15 17:14:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/01/15 17:14:33 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/01/15 17:14:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/01/15 17:14:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/01/15 17:14:33 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/01/15 17:14:33 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/01/15 17:14:33 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/01/15 17:14:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/15 17:08:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4000DEFGIPS.ini
[2006/05/24 06:47:37 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/23 12:34:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/23 12:27:49 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/23 12:27:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/23 11:56:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/23 11:42:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/23 11:41:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/23 11:41:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/23 11:41:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/23 11:41:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/23 11:41:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/23 11:41:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/23 09:38:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/23 09:35:33 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/05/23 09:32:19 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/23 09:32:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/23 09:32:19 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/23 09:32:19 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/23 09:32:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/23 09:31:25 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/23 09:27:51 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/05/23 09:19:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/05/23 09:19:19 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/05/23 09:19:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2006/05/23 09:19:17 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/23 09:19:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/23 08:42:41 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/23 08:41:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/23 08:37:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/23 07:26:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006/05/23 07:26:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/05/23 07:26:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/23 07:26:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/23 07:26:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/23 07:26:07 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/23 07:26:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/23 07:26:07 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/23 07:26:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/23 07:26:07 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/23 07:26:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/23 07:26:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/23 07:26:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/23 07:26:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/23 07:25:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/05 18:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 17:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006/01/04 10:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/09 14:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2002/05/28 02:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2001/06/24 10:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[1999/03/23 14:46:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/03/22 02:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/06/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/02/28 20:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/08 03:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/02/08 20:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/01 09:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/03/10 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/07/01 09:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/25 14:53:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2009/12/25 14:52:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C472ACE4-B620-4236-9212-2822A5A9355F}
[2009/02/08 20:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\DriverCure
[2006/12/26 08:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\InterVideo
[2008/06/01 10:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Leadertech
[2007/04/06 07:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\MSNInstaller
[2009/12/22 02:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Teleca
[2008/11/16 19:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\temp
[2009/04/01 18:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Template
[2006/06/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\toshiba
[2010/03/10 14:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blake owen\Application Data\Trusteer
[2006/06/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2010/03/20 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2010/05/09 14:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Trusteer
[2010/03/10 15:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2006/06/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Application Data\toshiba

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2008/09/10 17:14:38 | 002,400,784 | ---- | M] (Microsoft Corporation) -- C:\WLinstaller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/29 18:36:06 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/29 18:36:06 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/29 18:36:06 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/29 18:35:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/29 18:35:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/29 18:35:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


Thanks :)

#13
Essexboy


  • GeekU Moderator
  • 63,820 posts
It looks like you have one of the few systems that ComboFix will not run on, no matter what.

What are your current problems?

Could you run a Kaspersky investigation for me please - it should take no more than 10 minutes - details of how to get it are on this page: http://support.kaspe...r?qid=208282257

If you could attach the AVZ zip file on completion

#14
hilljamie94


  • Member
  • PipPip
  • 10 posts
My only problem remaining was the fact that my Kaspersky was trying to block my internet browser from running (it kept calling it an invader). However, when I went to run a Kaspersky investigation I noticed that my version of Kaspersky was 7.0 and not the 2011 version required to run the investigation. So I've uninstalled my 7.0 version (the license had run out last year) and installed the 2011 trial version. This version hasn't tried to stop my internet from running so maybe the remaining problem was just with the 7.0 version I had? I'm guessing that the malware I had corrupted it or something?

Anyway, I've run the investigation, and attached the file you requested.

Attached Files



#15
Essexboy


  • GeekU Moderator
  • 63,820 posts
I love those logs, they are so easy to read... Well, it is showing no apparent malware at all.

Could you run your system for a few hours to ensure there are no problems? If all is well I will remove my tools and tidy you up.