Major Errors: CPU always maxed out, laptop stays locked up besides saf


This topic is locked

#1 blakeisamped (Member, 17 posts)
Hey,

I was recommended to this forum by a friend because I'm having major problems with my laptop. I share this laptop with my wife so I cannot pinpoint exactly where the problem began, but I just noticed it a few days ago. I've tried several antivirus programs and the guide this site recommends, and nothing seems to change. The problems are:

- Locks up when the desktop loads. After a long time I can start to do stuff, but every action makes it lock up longer.
- When I can manage to get the task manager open it always says the CPU is at 100%, but when I count everything listed plus the idle time it leaves a large chunk unaccounted for.
- Norton 11 was on the laptop but crashes before it can finish a scan, even in safe mode.
- Spybot and Malwarebytes crash, but both completed in safe mode. Spybot found nothing; Malwarebytes found several trojans and removed them, but nothing changed.
- The screen saver can't be disabled. It will accept a change but just reverts after you close out. The screen saver is the traditional bubbles one, but it now also won't run and instead brings up a black screen that mentions an issue with the video card being unable to run it. This also many times permanently locks up the computer or crashes any programs running (I originally discovered the problem when it killed a Malwarebytes scan in safe mode).
- When the desktop comes up normally it says "Windows Help fails to load."
- Internet won't work unless it is in safe mode with networking.
- iTunes won't recognize files.
- There is a program on there called CA Security Suite and it cannot be removed.
- All the system restore points have vanished/been deleted. I've used this in the past so I know they existed.

Just hoping someone can give some insight on how to fix this. I can't system restore due to the restore points vanishing. I considered resetting to factory default, but there was either never a backup image or it too vanished, and we no longer have the discs that came with the laptop, so trying to fix it myself or taking it in for repair are the only real options. Big thanks in advance for any help that can be offered.

====

OTL logfile created on: 4/30/2011 11:52:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kasey Lamb\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 36.04 Gb Free Space | 32.67% Space Free | Partition Type: NTFS

Computer Name: KASEYLAMB-PC | User Name: Kasey Lamb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
PRC - [2011/04/30 23:39:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe -- (NAV)
SRV - [2010/04/12 19:15:00 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/18 10:24:46 | 000,801,296 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2007/10/18 10:24:44 | 000,145,936 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UMxFwHlp)
SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/25 22:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/12 04:22:34 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcqcoms.exe -- (dlcq_device)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/03/25 10:12:48 | 000,024,657 | ---- | M] (Marimba, Inc.) [Auto | Stopped] -- c:\Program Files\Marimba\Castanet Tuner\Tuner.exe -- (MarimbaClient)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 11:49:26 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/15 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110415.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/15 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110415.035\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/01 01:23:59 | 000,330,360 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/23 00:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/23 00:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 00:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 22:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/10 21:46:29 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/20 22:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/23 03:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/24 19:16:18 | 000,103,952 | ---- | M] (CA) [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2008/06/24 19:16:08 | 000,138,744 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2008/06/24 19:08:56 | 000,066,576 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2008/06/24 19:08:46 | 000,045,584 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2008/06/24 19:08:42 | 000,088,816 | ---- | M] (CA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2008/06/24 19:08:36 | 000,063,504 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/02 15:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 23:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 20:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.highed.aleks.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "jZip Web Search"
FF - prefs.js..browser.search.order.1: "jZip Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/09 21:31:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/04/16 11:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 23:39:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 23:39:45 | 000,000,000 | ---D | M]

[2009/07/19 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Extensions
[2009/07/19 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/30 23:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions
[2010/04/26 22:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 17:28:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/26 22:38:08 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2008/12/11 22:44:24 | 000,000,000 | ---D | M] (ToneThis) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]
[2010/04/30 11:17:22 | 000,000,000 | ---D | M] ("Minnesota Wild Boom") -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]
[2008/12/11 22:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]\chrome
[2011/02/28 11:00:57 | 000,000,000 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\ask-1.xml
[2011/01/18 12:13:21 | 000,000,000 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\ask.xml
[2010/07/30 14:03:39 | 000,000,000 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\bing.xml
[2010/03/05 19:38:47 | 000,000,526 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\yahoo.xml
[2011/04/30 23:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 10:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 17:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/11/09 21:31:15 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/04/16 11:57:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPLGN
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/16 13:29:40 | 000,000,839 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jZipWebSearch.xml

O1 HOSTS File: ([2011/04/18 19:07:01 | 000,432,286 | R--- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14880 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 76.85.229.110 76.85.229.111
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02ae08f5-7700-11dd-b9cc-001eec337f22}\Shell - "" = AutoRun
O33 - MountPoints2\{02ae08f5-7700-11dd-b9cc-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell - "" = Autorun
O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\RECYCLER\S-2-4-20-100001542-100014547-100025202-4125.com i:\
O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell\Open\command - "" = E:\RECYCLER\S-2-4-20-100001542-100014547-100025202-4125.com i:\
O33 - MountPoints2\{456b0e0f-2e92-11de-9bcd-001eec337f22}\Shell - "" = AutoRun
O33 - MountPoints2\{456b0e0f-2e92-11de-9bcd-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a3addf9a-5480-11df-8cc2-001eec337f22}\Shell\Auto\command - "" = E:\dds.exe
O33 - MountPoints2\{a3addf9a-5480-11df-8cc2-001eec337f22}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\dds.exe
O33 - MountPoints2\{ac720752-af85-11dd-bb28-001eec337f22}\Shell - "" = AutoRun
O33 - MountPoints2\{ac720752-af85-11dd-bb28-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\sources\sperr32.exe x64
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 23:51:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
[2011/04/30 11:24:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/21 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\Desktop\Torrents
[2011/04/17 09:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Local\CrashDumps
[2011/04/16 20:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/16 20:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/16 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Roaming\Malwarebytes
[2011/04/16 18:11:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/16 18:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/16 18:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/16 18:11:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/16 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/16 16:59:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/16 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Roaming\Tific
[2011/04/16 16:17:17 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\Documents\Symantec
[2011/04/16 12:02:17 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Local\Symantec
[2011/04/16 11:49:26 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/16 11:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/16 11:49:08 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\SymEFA.sys
[2011/04/16 11:49:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\SymDS.sys
[2011/04/16 11:49:08 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symtdiv.sys
[2011/04/16 11:49:08 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys
[2011/04/16 11:49:08 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys
[2011/04/16 11:49:07 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys
[2011/04/16 11:49:07 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\Ironx86.sys
[2011/04/16 11:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011/04/16 11:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1205000.07D
[2011/04/16 11:48:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/04/16 11:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/04/16 11:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/16 11:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/16 11:29:43 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/04/16 11:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/16 11:24:10 | 000,397,880 | ---- | C] (Symantec Corporation) -- C:\Users\Kasey Lamb\Desktop\NAVDownloader.exe
[2011/04/16 01:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\eHg06511pGcBe06511
[2011/04/14 03:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2008/12/01 23:25:02 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBKhcp.dll
[2008/12/01 23:25:00 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2008/12/01 23:23:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2008/08/26 19:53:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcqinpa.dll
[2008/08/26 19:53:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCQhcp.dll
[2008/08/26 19:53:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcqiesc.dll
[2008/08/26 19:53:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcqserv.dll
[2008/08/26 19:53:42 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcqusb1.dll
[2008/08/26 19:53:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcqpmui.dll
[2008/08/26 19:53:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcqlmpm.dll
[2008/08/26 19:53:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcqprox.dll
[2008/08/26 19:53:41 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcqpplc.dll
[2008/08/26 19:53:39 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcqhbn3.dll
[2008/08/26 19:53:39 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcqih.exe
[2008/08/26 19:53:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomc.dll
[2008/08/26 19:53:37 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcqcoms.exe
[2008/08/26 19:53:37 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomm.dll
[2008/08/26 19:53:36 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcqcfg.exe
[2007/06/25 22:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2007/06/25 22:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2007/06/25 22:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
[2011/04/30 23:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 22:36:35 | 000,001,356 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Local\d3d9caps.dat
[2011/04/30 21:11:10 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 21:11:10 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/28 12:55:53 | 000,019,501 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\canceled check.pdf
[2011/04/25 14:13:12 | 000,078,279 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Unit4Outline.pdf
[2011/04/20 11:34:55 | 000,000,859 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Norton Installation Files.lnk
[2011/04/18 23:17:00 | 000,102,528 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/04/18 23:17:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/04/18 22:13:39 | 000,002,613 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Microsoft Word 2010.lnk
[2011/04/18 19:07:01 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/17 20:30:59 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110418-190700.backup
[2011/04/17 19:04:01 | 144,412,557 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/17 18:33:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 18:28:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 18:28:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 18:24:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 23:00:14 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110417-203059.backup
[2011/04/16 20:40:56 | 000,001,090 | ---- | M] () -- C:\Users\Kasey Lamb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/16 20:40:56 | 000,001,066 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Spybot - Search & Destroy.lnk
[2011/04/16 20:35:41 | 000,495,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 18:11:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:55:01 | 002,327,008 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011/04/16 11:49:26 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/16 11:49:26 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/16 11:49:26 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/16 11:49:14 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/04/16 11:20:33 | 000,397,880 | ---- | M] (Symantec Corporation) -- C:\Users\Kasey Lamb\Desktop\NAVDownloader.exe
[2011/04/09 20:11:45 | 000,000,954 | ---- | M] () -- C:\Users\Kasey Lamb\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 17:14:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/09 17:14:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/09 17:13:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 12:55:53 | 000,019,501 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\canceled check.pdf
[2011/04/25 14:13:12 | 000,078,279 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Unit4Outline.pdf
[2011/04/24 19:32:16 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/24 19:32:16 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/18 23:16:40 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/04/16 20:40:56 | 000,001,090 | ---- | C] () -- C:\Users\Kasey Lamb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/16 20:40:56 | 000,001,066 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Spybot - Search & Destroy.lnk
[2011/04/16 18:11:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:53:07 | 002,327,008 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011/04/16 11:49:26 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/16 11:49:26 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/16 11:49:14 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/04/16 11:48:49 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymEFA.inf
[2011/04/16 11:48:49 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymDS.inf
[2011/04/16 11:48:49 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymNetV.inf
[2011/04/16 11:48:49 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymNet.inf
[2011/04/16 11:48:49 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf
[2011/04/16 11:48:49 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf
[2011/04/16 11:48:49 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Iron.inf
[2011/04/16 11:48:48 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnetv.cat
[2011/04/16 11:48:48 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.cat
[2011/04/16 11:48:48 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymNet.cat
[2011/04/16 11:48:48 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymEFA.cat
[2011/04/16 11:48:48 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.cat
[2011/04/16 11:48:48 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymDS.cat
[2011/04/16 11:48:48 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.cat
[2011/04/16 11:48:48 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini
[2011/04/16 11:29:43 | 000,000,859 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Norton Installation Files.lnk
[2011/04/09 17:13:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/27 13:48:19 | 000,001,356 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Local\d3d9caps.dat
[2009/11/09 21:11:30 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/08/18 21:42:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 21:42:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/24 05:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/01/06 00:47:01 | 000,000,097 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Roaming\SSTracePrefs.xml
[2008/12/01 23:25:02 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2008/12/01 23:25:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBKinst.dll
[2008/12/01 23:25:01 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2008/12/01 23:25:00 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbkinsb.dll
[2008/12/01 23:25:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2008/11/30 13:37:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2008/11/30 00:17:40 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/11/29 23:59:48 | 000,000,203 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/09/01 21:48:06 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcqcoin.dll
[2008/09/01 21:41:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2008/09/01 21:41:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/08/26 19:53:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCQinst.dll
[2008/08/26 19:53:43 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcqutil.dll
[2008/08/26 19:53:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqinsb.dll
[2008/08/26 19:53:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqins.dll
[2008/08/26 19:53:40 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcqjswr.dll
[2008/08/26 19:53:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcqinsr.dll
[2008/08/26 19:53:39 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcqgrd.dll
[2008/08/26 19:53:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcqcub.dll
[2008/08/26 19:53:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcqcur.dll
[2008/08/26 19:53:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcqcu.dll
[2008/08/26 19:53:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DLCQcfg.dll
[2008/08/08 03:01:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/03 23:24:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/03 21:49:43 | 000,007,168 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/03 16:56:51 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/05/03 16:56:50 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 15:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 15:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 15:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 15:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 15:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 22:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 22:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 22:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 22:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 22:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 22:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 21:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/07 23:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,495,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 17:32:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcqcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcqdrs.dll
[2006/05/09 10:10:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcqcnv4.dll
[2006/04/25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcqvs.dll
[2006/03/09 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 18:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/06/02 13:13:42 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2003/01/07 17:15:26 | 000,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini

========== LOP Check ==========

[2009/06/29 09:59:14 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Common Files
[2011/03/13 20:06:03 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\FrostWire
[2010/12/20 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Leadertech
[2009/07/19 23:12:32 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\LimeWire
[2008/10/14 16:05:36 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Marimba
[2009/06/29 09:59:14 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\MDSelfPlay
[2008/12/01 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Opera
[2011/04/18 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Ringtone Expressions
[2011/04/16 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Tific
[2008/05/03 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\TOSHIBA
[2008/05/03 20:28:14 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Ulead Systems
[2011/04/22 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\uTorrent
[2008/05/03 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\WildTangent
[2008/05/03 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\WinBatch
[2011/04/17 02:33:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi blakeisamped,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

=====================================

Some reminders on Torrent:

You may consider that P2P downloads are one of the most common ways of getting infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

======================================


What happens when you try to remove CA in the Control Panel > Add-Remove Programs?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/28 11:00:57 | 000,000,000 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\ask-1.xml
    [2011/01/18 12:13:21 | 000,000,000 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\ask.xml
    [2010/07/30 14:03:39 | 000,000,000 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\bing.xml
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{02ae08f5-7700-11dd-b9cc-001eec337f22}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ae08f5-7700-11dd-b9cc-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell - "" = Autorun
    O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\RECYCLER\S-2-4-20-100001542-100014547-100025202-4125.com i:\
    O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell\Open\command - "" = E:\RECYCLER\S-2-4-20-100001542-100014547-100025202-4125.com i:\
    O33 - MountPoints2\{456b0e0f-2e92-11de-9bcd-001eec337f22}\Shell - "" = AutoRun
    O33 - MountPoints2\{456b0e0f-2e92-11de-9bcd-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{a3addf9a-5480-11df-8cc2-001eec337f22}\Shell\Auto\command - "" = E:\dds.exe
    O33 - MountPoints2\{a3addf9a-5480-11df-8cc2-001eec337f22}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\dds.exe
    O33 - MountPoints2\{ac720752-af85-11dd-bb28-001eec337f22}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac720752-af85-11dd-bb28-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\sources\sperr32.exe x64
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
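The O33 MountPoints2 entries in the fix script above are the part of this log a defender should learn to read: the keys record what Explorer will run when a removable drive is opened or autoplayed, and two of them point at a `.com` file under `E:\RECYCLER\` launched through `RunDLL32 ... ShellExec_RunDLL`, which is the pattern of a USB autorun infection rather than a vendor launcher like `LaunchU3.exe`. The script below is an added example (my own code, not OTL's or the helper's) that parses O33 lines in OTL's format and reports which mountpoints carry such commands; the sample lines are constructed from the entries quoted in this thread, and the flagging rules (RECYCLER path, ShellExec_RunDLL indirection, SID-shaped `.com` name) are my heuristics, not an official list.

```python
import re
from dataclasses import dataclass

# Constructed sample input in OTL "O33 - MountPoints2" format, modelled on the
# entries quoted in the fix script (assumption: test data, not a live log).
SAMPLE_LOG = r"""
O33 - MountPoints2\{02ae08f5-7700-11dd-b9cc-001eec337f22}\Shell - "" = AutoRun
O33 - MountPoints2\{02ae08f5-7700-11dd-b9cc-001eec337f22}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\RECYCLER\S-2-4-20-100001542-100014547-100025202-4125.com i:\
O33 - MountPoints2\{456b0e0c-2e92-11de-9bcd-001eec337f22}\Shell\Open\command - "" = E:\RECYCLER\S-2-4-20-100001542-100014547-100025202-4125.com i:\
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\sources\sperr32.exe x64
"""

# One OTL O33 line: mountpoint (volume GUID or drive letter), registry subkey, value.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mp>\{[0-9a-f-]+\}|[A-Z])\\(?P<key>[^ ]+) - "" = (?P<value>.*)$',
    re.IGNORECASE,
)

# A .com file whose name looks like a Windows SID (S-n-n-n...), a common disguise.
SID_COM_RE = re.compile(r'\\S-\d+(?:-\d+)+\.com\b', re.IGNORECASE)


@dataclass
class Entry:
    mountpoint: str   # e.g. {456b0e0c-...} or D
    key: str          # e.g. Shell\AutoRun\command
    value: str        # the command line or verb name


def parse_o33(log_text):
    """Return every O33 MountPoints2 entry found in an OTL log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append(Entry(m['mp'], m['key'], m['value']))
    return entries


def suspicious_reasons(entry):
    """Heuristic reasons (my own, not an official list) why a command entry looks hostile."""
    reasons = []
    # Only *\command values actually execute something; verb names like "AutoRun" do not.
    if not entry.key.lower().endswith('\\command'):
        return reasons
    v = entry.value
    if re.search(r'\\RECYCLER\\', v, re.IGNORECASE):
        reasons.append('executable stored under a RECYCLER folder')
    if re.search(r'rundll32(\.exe)?\s+shell32\.dll,\s*shellexec_rundll', v, re.IGNORECASE):
        reasons.append('launched via RunDLL32 ShellExec_RunDLL indirection')
    if SID_COM_RE.search(v):
        reasons.append('.com executable named like a Windows SID')
    return reasons


def flag_mountpoints(log_text):
    """Map each mountpoint with at least one suspicious command to its sorted reasons."""
    flagged = {}
    for e in parse_o33(log_text):
        for r in suspicious_reasons(e):
            flagged.setdefault(e.mountpoint, set()).add(r)
    return {mp: sorted(rs) for mp, rs in flagged.items()}


if __name__ == '__main__':
    for mp, reasons in flag_mountpoints(SAMPLE_LOG).items():
        print(mp)
        for r in reasons:
            print('   -', r)
```

Run against the sample, only the `{456b0e0c-...}` volume is reported, with all three reasons; the U3 launcher and the `D:\sources\sperr32.exe` entry pass. A flagged MountPoints2 key is only a record of what Explorer *would* run, so the useful follow-up for the defender is exactly what the fix script does: remove the key, and treat the referenced removable drive as infected until it has been scanned with autorun disabled.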

#3
blakeisamped

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you so much, Salagubang. Don't worry about the delay. My friend told me about how his experience with this forum went so I knew to be patient about a reply. I totally understand about the torrents. However, the fact of the matter is this is a family laptop and I'm not entirely aware of everything that goes on with using it; it is a conversation I will be having with the others who use this laptop.

When I try to uninstall CA a window pops up telling me this:

"Error E9011: You do not have sufficient privileges to install or uninstall CA Personal Firewall.

Unable to update registry key: HKEY_LOCAL_MACHINE\SOFTWARE\CA\HIPSEngine\PolicyStorage

Try logging on as Administrator."

I'm not sure why it said that because I was on the Administrator account.

====

I ran the custom fix as you said and then this is the log from OTL with the quick scan afterward:

OTL logfile created on: 5/6/2011 11:24:56 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kasey Lamb\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 663.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 36.77 Gb Free Space | 33.33% Space Free | Partition Type: NTFS

Computer Name: KASEYLAMB-PC | User Name: Kasey Lamb | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe -- (NAV)
SRV - [2010/04/12 19:15:00 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/10/18 10:24:46 | 000,801,296 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2007/10/18 10:24:44 | 000,145,936 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UMxFwHlp)
SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/25 22:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/12 04:22:34 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcqcoms.exe -- (dlcq_device)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/03/25 10:12:48 | 000,024,657 | ---- | M] (Marimba, Inc.) [Auto | Stopped] -- c:\Program Files\Marimba\Castanet Tuner\Tuner.exe -- (MarimbaClient)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 11:49:26 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/15 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110415.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/15 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110415.035\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/01 01:23:59 | 000,330,360 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/23 00:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/23 00:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 00:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 22:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/10 21:46:29 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/20 22:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/23 03:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/24 19:16:18 | 000,103,952 | ---- | M] (CA) [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2008/06/24 19:16:08 | 000,138,744 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2008/06/24 19:08:56 | 000,066,576 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2008/06/24 19:08:46 | 000,045,584 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2008/06/24 19:08:42 | 000,088,816 | ---- | M] (CA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2008/06/24 19:08:36 | 000,063,504 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/02 15:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 23:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 20:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.highed.aleks.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "jZip Web Search"
FF - prefs.js..browser.search.order.1: "jZip Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/09 21:31:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/04/16 11:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 23:39:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 23:39:45 | 000,000,000 | ---D | M]

[2009/07/19 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Extensions
[2009/07/19 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/06 23:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions
[2010/04/26 22:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 17:28:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/26 22:38:08 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2008/12/11 22:44:24 | 000,000,000 | ---D | M] (ToneThis) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]
[2010/04/30 11:17:22 | 000,000,000 | ---D | M] ("Minnesota Wild Boom") -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]
[2008/12/11 22:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]\chrome
[2010/03/05 19:38:47 | 000,000,526 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\yahoo.xml
[2011/05/06 23:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 10:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 17:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/11/09 21:31:15 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/04/16 11:57:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPLGN
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/16 13:29:40 | 000,000,839 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jZipWebSearch.xml

O1 HOSTS File: ([2011/05/06 23:19:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 76.85.229.110 76.85.229.111
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 23:19:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/02 21:12:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/04/30 23:51:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
[2011/04/30 11:24:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/21 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\Desktop\Torrents
[2011/04/17 09:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Local\CrashDumps
[2011/04/16 20:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/16 20:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/16 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Roaming\Malwarebytes
[2011/04/16 18:11:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/16 18:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/16 18:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/16 18:11:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/16 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/16 16:59:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/16 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Roaming\Tific
[2011/04/16 16:17:17 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\Documents\Symantec
[2011/04/16 12:02:17 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Local\Symantec
[2011/04/16 11:49:26 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/16 11:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/16 11:49:08 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\SymEFA.sys
[2011/04/16 11:49:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\SymDS.sys
[2011/04/16 11:49:08 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symtdiv.sys
[2011/04/16 11:49:08 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys
[2011/04/16 11:49:08 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys
[2011/04/16 11:49:07 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys
[2011/04/16 11:49:07 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\Ironx86.sys
[2011/04/16 11:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011/04/16 11:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1205000.07D
[2011/04/16 11:48:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/04/16 11:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/04/16 11:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/16 11:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/16 11:29:43 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/04/16 11:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/16 11:24:10 | 000,397,880 | ---- | C] (Symantec Corporation) -- C:\Users\Kasey Lamb\Desktop\NAVDownloader.exe
[2011/04/16 01:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\eHg06511pGcBe06511
[2011/04/14 03:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2008/12/01 23:25:02 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBKhcp.dll
[2008/12/01 23:25:00 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2008/12/01 23:23:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2008/08/26 19:53:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcqinpa.dll
[2008/08/26 19:53:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCQhcp.dll
[2008/08/26 19:53:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcqiesc.dll
[2008/08/26 19:53:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcqserv.dll
[2008/08/26 19:53:42 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcqusb1.dll
[2008/08/26 19:53:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcqpmui.dll
[2008/08/26 19:53:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcqlmpm.dll
[2008/08/26 19:53:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcqprox.dll
[2008/08/26 19:53:41 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcqpplc.dll
[2008/08/26 19:53:39 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcqhbn3.dll
[2008/08/26 19:53:39 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcqih.exe
[2008/08/26 19:53:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomc.dll
[2008/08/26 19:53:37 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcqcoms.exe
[2008/08/26 19:53:37 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomm.dll
[2008/08/26 19:53:36 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcqcfg.exe
[2007/06/25 22:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2007/06/25 22:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2007/06/25 22:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/05/06 23:22:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 23:19:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/06 23:14:35 | 004,342,980 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\ComboFix.exe
[2011/05/02 21:20:36 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 21:20:36 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 21:14:00 | 000,102,528 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/05/02 21:14:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
[2011/04/30 22:36:35 | 000,001,356 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Local\d3d9caps.dat
[2011/04/28 12:55:53 | 000,019,501 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\canceled check.pdf
[2011/04/25 14:13:12 | 000,078,279 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Unit4Outline.pdf
[2011/04/20 11:34:55 | 000,000,859 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Norton Installation Files.lnk
[2011/04/18 22:13:39 | 000,002,613 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Microsoft Word 2010.lnk
[2011/04/18 19:07:01 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110502-183557.backup
[2011/04/17 20:30:59 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110418-190700.backup
[2011/04/17 19:04:01 | 144,412,557 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/17 18:33:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 18:28:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 18:28:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 18:24:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 23:00:14 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110417-203059.backup
[2011/04/16 20:40:56 | 000,001,090 | ---- | M] () -- C:\Users\Kasey Lamb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/16 20:40:56 | 000,001,066 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Spybot - Search & Destroy.lnk
[2011/04/16 20:35:41 | 000,495,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 18:11:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:55:01 | 002,327,008 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011/04/16 11:49:26 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/16 11:49:26 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/16 11:49:26 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/16 11:49:14 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/04/16 11:20:33 | 000,397,880 | ---- | M] (Symantec Corporation) -- C:\Users\Kasey Lamb\Desktop\NAVDownloader.exe
[2011/04/09 20:11:45 | 000,000,954 | ---- | M] () -- C:\Users\Kasey Lamb\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 17:14:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/09 17:14:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/09 17:13:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2011/05/06 23:14:33 | 004,342,980 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\ComboFix.exe
[2011/04/28 12:55:53 | 000,019,501 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\canceled check.pdf
[2011/04/25 14:13:12 | 000,078,279 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Unit4Outline.pdf
[2011/04/24 19:32:16 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/24 19:32:16 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/18 23:16:40 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/04/16 20:40:56 | 000,001,090 | ---- | C] () -- C:\Users\Kasey Lamb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/16 20:40:56 | 000,001,066 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Spybot - Search & Destroy.lnk
[2011/04/16 18:11:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:53:07 | 002,327,008 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011/04/16 11:49:26 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/16 11:49:26 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/16 11:49:14 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/04/16 11:48:49 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymEFA.inf
[2011/04/16 11:48:49 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymDS.inf
[2011/04/16 11:48:49 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymNetV.inf
[2011/04/16 11:48:49 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymNet.inf
[2011/04/16 11:48:49 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf
[2011/04/16 11:48:49 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf
[2011/04/16 11:48:49 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Iron.inf
[2011/04/16 11:48:48 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnetv.cat
[2011/04/16 11:48:48 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.cat
[2011/04/16 11:48:48 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymNet.cat
[2011/04/16 11:48:48 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymEFA.cat
[2011/04/16 11:48:48 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.cat
[2011/04/16 11:48:48 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\SymDS.cat
[2011/04/16 11:48:48 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.cat
[2011/04/16 11:48:48 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini
[2011/04/16 11:29:43 | 000,000,859 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Norton Installation Files.lnk
[2011/04/09 17:13:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/27 13:48:19 | 000,001,356 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Local\d3d9caps.dat
[2009/11/09 21:11:30 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/08/18 21:42:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 21:42:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/24 05:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/01/06 00:47:01 | 000,000,097 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Roaming\SSTracePrefs.xml
[2008/12/01 23:25:02 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2008/12/01 23:25:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBKinst.dll
[2008/12/01 23:25:01 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2008/12/01 23:25:00 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbkinsb.dll
[2008/12/01 23:25:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2008/11/30 13:37:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2008/11/30 00:17:40 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/11/29 23:59:48 | 000,000,203 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/09/01 21:48:06 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcqcoin.dll
[2008/09/01 21:41:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2008/09/01 21:41:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/08/26 19:53:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCQinst.dll
[2008/08/26 19:53:43 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcqutil.dll
[2008/08/26 19:53:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqinsb.dll
[2008/08/26 19:53:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqins.dll
[2008/08/26 19:53:40 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcqjswr.dll
[2008/08/26 19:53:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcqinsr.dll
[2008/08/26 19:53:39 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcqgrd.dll
[2008/08/26 19:53:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcqcub.dll
[2008/08/26 19:53:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcqcur.dll
[2008/08/26 19:53:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcqcu.dll
[2008/08/26 19:53:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DLCQcfg.dll
[2008/08/08 03:01:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/03 23:24:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/03 21:49:43 | 000,007,168 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/03 16:56:51 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/05/03 16:56:50 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 15:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 15:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 15:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 15:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 15:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 22:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 22:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 22:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 22:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 22:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 22:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 21:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/07 23:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,495,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 17:32:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcqcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcqdrs.dll
[2006/05/09 10:10:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcqcnv4.dll
[2006/04/25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcqvs.dll
[2006/03/09 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 18:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/06/02 13:13:42 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2003/01/07 17:15:26 | 000,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini

========== LOP Check ==========

[2009/06/29 09:59:14 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Common Files
[2011/03/13 20:06:03 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\FrostWire
[2010/12/20 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Leadertech
[2009/07/19 23:12:32 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\LimeWire
[2008/10/14 16:05:36 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Marimba
[2009/06/29 09:59:14 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\MDSelfPlay
[2008/12/01 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Opera
[2011/04/18 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Ringtone Expressions
[2011/04/16 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Tific
[2008/05/03 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\TOSHIBA
[2008/05/03 20:28:14 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\Ulead Systems
[2011/04/22 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\uTorrent
[2008/05/03 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\WildTangent
[2008/05/03 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Kasey Lamb\AppData\Roaming\WinBatch
[2011/04/17 02:33:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

====

And this is the log I got after that once I ran ComboFix:

ComboFix 11-05-06.03 - Kasey Lamb 05/06/2011 23:40:45.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.587 [GMT -4:00]
Running from: c:\users\Kasey Lamb\Desktop\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
----- BITS: Possible infected sites -----
.
hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 03:35 . 2011-05-07 03:37 -------- d-----w- C:\32788R22FWJFW
2011-05-07 03:19 . 2011-05-07 03:19 -------- d-----w- C:\_OTL
2011-05-03 01:12 . 2011-05-03 01:12 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-04-30 15:24 . 2011-04-30 15:24 -------- d-----w- c:\windows\Sun
2011-04-17 13:06 . 2011-05-01 01:04 -------- d-----w- c:\users\Kasey Lamb\AppData\Local\CrashDumps
2011-04-17 00:40 . 2011-04-17 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-16 22:12 . 2011-04-16 22:12 -------- d-----w- c:\users\Kasey Lamb\AppData\Roaming\Malwarebytes
2011-04-16 22:11 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 22:11 . 2011-04-16 22:11 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 22:11 . 2011-04-16 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 22:11 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 20:59 . 2011-04-16 20:59 -------- d-----w- c:\users\Kasey Lamb\AppData\Roaming\Tific
2011-04-16 16:02 . 2011-04-16 16:02 -------- d-----w- c:\users\Kasey Lamb\AppData\Local\Symantec
2011-04-16 15:49 . 2011-04-16 15:49 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-16 15:49 . 2011-04-16 15:49 -------- d-----w- c:\program files\Symantec
2011-04-16 15:48 . 2011-04-16 15:48 -------- d-----w- c:\windows\system32\drivers\NAV
2011-04-16 15:48 . 2011-04-16 15:48 -------- d-----w- c:\program files\Norton AntiVirus
2011-04-16 15:46 . 2011-04-16 15:46 -------- d-----w- c:\program files\NortonInstaller
2011-04-16 15:27 . 2011-04-20 15:35 -------- d-----w- c:\programdata\Norton
2011-04-16 05:22 . 2011-04-16 20:17 -------- d-----w- c:\programdata\eHg06511pGcBe06511
2011-04-15 18:42 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A010EBF-A9BD-4424-AB68-FC34F1533DB2}\mpengine.dll
2011-04-14 07:01 . 2011-04-14 07:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-04-09 21:13 . 2011-04-09 21:13 161792 ----a-w- c:\windows\system32\msls31.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-22 22:19 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 22:19 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 22:19 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2008-06-24 103952]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys [2010-11-11 353912]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-26 537840]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 138744]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 MarimbaClient;MarimbaClient;c:\progra~1\Marimba\CASTAN~1\Tuner.exe [2004-03-25 24657]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-15 102448]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 06:01]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 06:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.highed.aleks.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Minnesota Wild Boom: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cctray - c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
HKLM-Run-capfasem - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
HKLM-Run-cafwc - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-eTrust Suite Personal - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-pfw - c:\program files\CA\CA Internet Security Suite\caunst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 23:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-06 23:57:25
ComboFix-quarantined-files.txt 2011-05-07 03:57
.
Pre-Run: 39,292,309,504 bytes free
Post-Run: 39,195,054,080 bytes free
.
- - End Of File - - 7909A60AB532A439DB15E95EE97CBE3A

====

Thanks again for all your help thus far.
  • 0

#4
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
KmxFw
KmxAgent
KmxFile
KmxCF
KmxSbx
KmxCfg

File::
c:\windows\System32\DRIVERS\kmxfw.sys
c:\windows\system32\DRIVERS\kmxagent.sys
c:\windows\system32\DRIVERS\KmxFile.sys
c:\windows\system32\DRIVERS\KmxCF.sys
c:\windows\system32\DRIVERS\KmxSbx.sys
c:\windows\system32\DRIVERS\kmxcfg.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 1

#5
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#6
blakeisamped

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the log for ComboFix:

ComboFix 11-05-09.01 - Kasey Lamb 05/09/2011 18:41:14.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.513 [GMT -4:00]
Running from: c:\users\Kasey Lamb\Desktop\ComboFix.exe
Command switches used :: c:\users\Kasey Lamb\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\DRIVERS\kmxagent.sys"
"c:\windows\system32\DRIVERS\KmxCF.sys"
"c:\windows\system32\DRIVERS\kmxcfg.sys"
"c:\windows\system32\DRIVERS\KmxFile.sys"
"c:\windows\System32\DRIVERS\kmxfw.sys"
"c:\windows\system32\DRIVERS\KmxSbx.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\kmxagent.sys
c:\windows\system32\DRIVERS\KmxCF.sys
c:\windows\system32\DRIVERS\kmxcfg.sys
c:\windows\system32\DRIVERS\KmxFile.sys
c:\windows\System32\DRIVERS\kmxfw.sys
c:\windows\system32\DRIVERS\KmxSbx.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KMXAGENT
-------\Legacy_KMXCF
-------\Legacy_KMXCFG
-------\Legacy_KMXFILE
-------\Legacy_KMXFW
-------\Legacy_KMXSBX
-------\Service_KmxAgent
-------\Service_KmxCF
-------\Service_KmxCfg
-------\Service_KmxFile
-------\Service_KmxFw
-------\Service_KmxSbx
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 22:52 . 2011-05-09 22:56 -------- d-----w- c:\users\Kasey Lamb\AppData\Local\temp
2011-05-09 22:52 . 2011-05-09 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-07 03:19 . 2011-05-07 03:19 -------- d-----w- C:\_OTL
2011-05-03 01:12 . 2011-05-03 01:12 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-04-30 15:24 . 2011-04-30 15:24 -------- d-----w- c:\windows\Sun
2011-04-17 13:06 . 2011-05-01 01:04 -------- d-----w- c:\users\Kasey Lamb\AppData\Local\CrashDumps
2011-04-17 00:40 . 2011-04-17 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-16 22:12 . 2011-04-16 22:12 -------- d-----w- c:\users\Kasey Lamb\AppData\Roaming\Malwarebytes
2011-04-16 22:11 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 22:11 . 2011-04-16 22:11 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 22:11 . 2011-04-16 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 22:11 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 20:59 . 2011-04-16 20:59 -------- d-----w- c:\users\Kasey Lamb\AppData\Roaming\Tific
2011-04-16 16:02 . 2011-04-16 16:02 -------- d-----w- c:\users\Kasey Lamb\AppData\Local\Symantec
2011-04-16 15:27 . 2011-05-09 22:23 -------- d-----w- c:\programdata\Norton
2011-04-16 05:22 . 2011-04-16 20:17 -------- d-----w- c:\programdata\eHg06511pGcBe06511
2011-04-15 18:42 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A010EBF-A9BD-4424-AB68-FC34F1533DB2}\mpengine.dll
2011-04-14 07:01 . 2011-04-14 07:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 21:13 . 2011-04-09 21:13 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-09 21:13 . 2011-04-09 21:13 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-09 21:13 . 2011-04-09 21:13 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-09 21:13 . 2011-04-09 21:13 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-09 21:13 . 2011-04-09 21:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-09 21:13 . 2011-04-09 21:13 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-09 21:13 . 2011-04-09 21:13 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-09 21:13 . 2011-04-09 21:13 367104 ----a-w- c:\windows\system32\html.iec
2011-04-09 21:13 . 2011-04-09 21:13 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-09 21:13 . 2011-04-09 21:13 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-09 21:13 . 2011-04-09 21:13 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-09 21:13 . 2011-04-09 21:13 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-09 21:13 . 2011-04-09 21:13 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-09 21:13 . 2011-04-09 21:13 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-09 21:13 . 2011-04-09 21:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-09 21:13 . 2011-04-09 21:13 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-09 21:13 . 2011-04-09 21:13 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-09 21:13 . 2011-04-09 21:13 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-09 21:13 . 2011-04-09 21:13 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-09 21:13 . 2011-04-09 21:13 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-09 21:13 . 2011-04-09 21:13 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-02-22 14:13 . 2011-03-22 22:19 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 22:19 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 22:19 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-26 537840]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R2 MarimbaClient;MarimbaClient;c:\progra~1\Marimba\CASTAN~1\Tuner.exe [2004-03-25 24657]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [x]
R3 CFcatchme;CFcatchme;c:\users\KASEYL~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 06:01]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 06:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.highed.aleks.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Minnesota Wild Boom: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 18:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-05-09 19:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-09 23:04
ComboFix2.txt 2011-05-07 03:57
.
Pre-Run: 39,811,129,344 bytes free
Post-Run: 39,496,773,632 bytes free
.
- - End Of File - - A73FCD6913E75563760DADF5E8DE8482

====

Here is the log for Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6541

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

5/9/2011 7:23:28 PM
mbam-log-2011-05-09 (19-23-28).txt

Scan type: Quick scan
Objects scanned: 156337
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

====

I ran into an issue running ESET Online Scanner the first time: when it was almost finished, the entire program locked up and never unfroze, even after an hour or two. However, after a reboot I ran it again and this time it worked properly.

Here is the log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=5436f0848f36a743a0a1886a98cf0ac5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-13 06:23:01
# local_time=2011-05-13 02:23:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1420923 141842979 0 0
# compatibility_mode=8192 67108863 100 0 165345 165345 0 0
# scanned=185463
# found=0
# cleaned=0
# scan_time=32330


Finally, I have recently started to have an old issue. The sound does not work and says the audio service is not running. Also, it seems as if during normal start the screen is still in safe mode. The icons are larger and there is a simple toolbar, as well as no audio.

#7
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Please open OTL and choose Run Scan. Post the log on your next reply for review.

Finally, I have recently started to have an old issue. The sound does not work and says the audio service is not running. Also, it seems as if during normal start the screen is still in safe mode. The icons are larger and there is a simple toolbar, as well as no audio.


Let's look at the Device Manager.

Press Start > Run and type

devmgmt.msc

The Windows management console will appear, listing your computer's hardware devices. Tell me if you see any entry with a yellow question/exclamation mark beside it, and note the name of the device listed.

:)

#8
blakeisamped

blakeisamped

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello,
I checked the Windows management console with the listing of devices, and there was nothing marked with a yellow question/exclamation mark beside it.
------------------------------------------------------
Here is the OTL Log:

OTL logfile created on: 5/17/2011 8:35:34 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kasey Lamb\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 195.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 35.56 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: KASEYLAMB-PC | User Name: Kasey Lamb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
PRC - [2011/04/30 23:39:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 08:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UMxFwHlp)
SRV - File not found [Auto | Stopped] -- -- (UmxCfg)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (CaCCProvSP)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/25 22:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/12 04:22:34 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcqcoms.exe -- (dlcq_device)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/03/25 10:12:48 | 000,024,657 | ---- | M] (Marimba, Inc.) [Auto | Stopped] -- c:\Program Files\Marimba\Castanet Tuner\Tuner.exe -- (MarimbaClient)


========== Driver Services (SafeList) ==========

DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/23 03:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/02 15:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 23:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 20:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.highed.aleks.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "jZip Web Search"
FF - prefs.js..browser.search.order.1: "jZip Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/09 21:31:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 23:39:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 23:39:45 | 000,000,000 | ---D | M]

[2009/07/19 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Extensions
[2009/07/19 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/16 18:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions
[2010/04/26 22:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 17:28:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/26 22:38:08 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2008/12/11 22:44:24 | 000,000,000 | ---D | M] (ToneThis) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]
[2010/04/30 11:17:22 | 000,000,000 | ---D | M] ("Minnesota Wild Boom") -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]
[2008/12/11 22:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\extensions\[email protected]\chrome
[2010/03/05 19:38:47 | 000,000,526 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Roaming\Mozilla\Firefox\Profiles\eg72o2ud.default\searchplugins\yahoo.xml
[2011/05/16 18:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 10:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 17:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/11/09 21:31:15 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/16 13:29:40 | 000,000,839 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jZipWebSearch.xml

O1 HOSTS File: ([2011/05/09 18:55:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 76.85.229.110 76.85.229.111
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kasey Lamb\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 19:30:50 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Kasey Lamb\Desktop\esetsmartinstaller_enu.exe
[2011/05/09 19:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/09 19:06:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/09 18:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/09 18:52:59 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Local\temp
[2011/05/09 18:35:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/06 23:37:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/06 23:37:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/06 23:37:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/06 23:37:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 23:33:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/06 23:19:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/02 21:12:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/04/30 23:51:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
[2011/04/30 11:24:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/21 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\Desktop\Torrents
[2011/04/17 09:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kasey Lamb\AppData\Local\CrashDumps
[2008/12/01 23:25:02 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBKhcp.dll
[2008/12/01 23:25:00 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2008/12/01 23:23:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2008/08/26 19:53:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcqinpa.dll
[2008/08/26 19:53:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCQhcp.dll
[2008/08/26 19:53:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcqiesc.dll
[2008/08/26 19:53:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcqserv.dll
[2008/08/26 19:53:42 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcqusb1.dll
[2008/08/26 19:53:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcqpmui.dll
[2008/08/26 19:53:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcqlmpm.dll
[2008/08/26 19:53:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcqprox.dll
[2008/08/26 19:53:41 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcqpplc.dll
[2008/08/26 19:53:39 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcqhbn3.dll
[2008/08/26 19:53:39 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcqih.exe
[2008/08/26 19:53:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomc.dll
[2008/08/26 19:53:37 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcqcoms.exe
[2008/08/26 19:53:37 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcqcomm.dll
[2008/08/26 19:53:36 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcqcfg.exe
[2007/06/25 22:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2007/06/25 22:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2007/06/25 22:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/05/17 08:28:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 18:38:39 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/16 18:38:39 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/16 18:34:22 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 20:58:16 | 000,002,613 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Microsoft Word 2010.lnk
[2011/05/13 05:09:56 | 000,001,356 | ---- | M] () -- C:\Users\Kasey Lamb\AppData\Local\d3d9caps.dat
[2011/05/10 15:10:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 15:10:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 13:33:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 11:10:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 19:30:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Kasey Lamb\Desktop\esetsmartinstaller_enu.exe
[2011/05/09 18:55:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/09 18:35:39 | 004,344,420 | R--- | M] () -- C:\Users\Kasey Lamb\Desktop\ComboFix.exe
[2011/05/09 18:02:08 | 000,102,528 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/05/09 18:02:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/04/30 23:51:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kasey Lamb\Desktop\OTL.exe
[2011/04/28 12:55:53 | 000,019,501 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\canceled check.pdf
[2011/04/25 14:13:12 | 000,078,279 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Unit4Outline.pdf
[2011/04/20 11:34:55 | 000,000,859 | ---- | M] () -- C:\Users\Kasey Lamb\Desktop\Norton Installation Files.lnk
[2011/04/18 19:07:01 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110502-183557.backup
[2011/04/17 20:30:59 | 000,432,286 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110418-190700.backup
[2011/04/17 19:04:01 | 144,412,557 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/05/14 20:55:57 | 1063,706,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/06 23:37:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/06 23:37:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/06 23:37:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/06 23:37:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/06 23:37:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/06 23:14:33 | 004,344,420 | R--- | C] () -- C:\Users\Kasey Lamb\Desktop\ComboFix.exe
[2011/04/28 12:55:53 | 000,019,501 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\canceled check.pdf
[2011/04/25 14:13:12 | 000,078,279 | ---- | C] () -- C:\Users\Kasey Lamb\Desktop\Unit4Outline.pdf
[2011/04/24 19:32:16 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2011/04/24 19:32:16 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/04/18 23:16:40 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/04/27 13:48:19 | 000,001,356 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Local\d3d9caps.dat
[2009/11/09 21:11:30 | 000,163,706 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/08/18 21:42:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 21:42:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/24 05:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/01/06 00:47:01 | 000,000,097 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Roaming\SSTracePrefs.xml
[2008/12/01 23:25:02 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2008/12/01 23:25:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBKinst.dll
[2008/12/01 23:25:01 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2008/12/01 23:25:00 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbkinsb.dll
[2008/12/01 23:25:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2008/11/30 13:37:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2008/11/30 00:17:40 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/11/29 23:59:48 | 000,000,203 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/09/01 21:48:06 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcqcoin.dll
[2008/09/01 21:41:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2008/09/01 21:41:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/08/26 19:53:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCQinst.dll
[2008/08/26 19:53:43 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcqutil.dll
[2008/08/26 19:53:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqinsb.dll
[2008/08/26 19:53:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcqins.dll
[2008/08/26 19:53:40 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcqjswr.dll
[2008/08/26 19:53:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcqinsr.dll
[2008/08/26 19:53:39 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcqgrd.dll
[2008/08/26 19:53:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcqcub.dll
[2008/08/26 19:53:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcqcur.dll
[2008/08/26 19:53:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcqcu.dll
[2008/08/26 19:53:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DLCQcfg.dll
[2008/08/08 03:01:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/03 23:24:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/03 21:49:43 | 000,007,168 | ---- | C] () -- C:\Users\Kasey Lamb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/03 16:56:51 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/05/03 16:56:50 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 15:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 15:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 15:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 15:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 15:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 22:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 22:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 22:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 22:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 22:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 22:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 21:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/07 23:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,495,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 17:32:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcqcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcqdrs.dll
[2006/05/09 10:10:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcqcnv4.dll
[2006/04/25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcqvs.dll
[2006/03/09 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 18:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/06/02 13:13:42 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2003/01/07 17:15:26 | 000,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini

< End of report >
  • 0

#9
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Please run this scan for me.

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • Click Save log button and Save the aswMBR.log to the desktop
  • Post content of that log here for me

  • 0

#10
blakeisamped

blakeisamped

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi,
I have finally run aswMBR.exe. It took a couple of days, because the server must have been down. I tried to run it in normal mode, but it made my computer go to a blue screen and then shut down. So I ran it in safe mode with networking, and here is the log I received.

Log:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-20 13:11:46
-----------------------------
13:11:46.316 OS Version: Windows 6.0.6002 Service Pack 2
13:11:46.316 Number of processors: 2 586 0xF0D
13:11:46.316 ComputerName: KASEYLAMB-PC UserName: Kasey Lamb
13:12:05.457 Initialize success
13:12:08.249 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:12:08.265 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
13:12:10.293 Disk 0 MBR read successfully
13:12:10.293 Disk 0 MBR scan
13:12:10.324 Disk 0 unknown MBR code
13:12:12.352 Disk 0 scanning sectors +234440704
13:12:12.399 Disk 0 scanning C:\Windows\system32\drivers
13:12:19.746 Service scanning
13:12:28.108 Disk 0 trace - called modules:
13:12:28.124 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
13:12:28.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84cd5030]
13:12:28.170 3 CLASSPNP.SYS[82f188b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84b6f8a0]
13:12:28.186 Scan finished successfully
13:13:21.491 Disk 0 MBR has been saved successfully to "C:\Users\Kasey Lamb\Desktop\MBR.dat"
13:13:21.507 The log file has been saved successfully to "C:\Users\Kasey Lamb\Desktop\aswMBRsavelog.txt"


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-20 13:13:59
-----------------------------
13:13:59.602 OS Version: Windows 6.0.6002 Service Pack 2
13:13:59.602 Number of processors: 2 586 0xF0D
13:13:59.602 ComputerName: KASEYLAMB-PC UserName: Kasey Lamb
13:14:01.053 Initialize success
13:14:03.783 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:14:03.798 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
13:14:05.873 Disk 0 MBR read successfully
13:14:05.873 Disk 0 MBR scan
13:14:05.920 Disk 0 unknown MBR code
13:14:07.932 Disk 0 scanning sectors +234440704
13:14:07.979 Disk 0 scanning C:\Windows\system32\drivers
13:14:15.186 Service scanning
13:14:17.526 Disk 0 trace - called modules:
13:14:17.558 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys usbhub.sys tcpip.sys NETIO.SYS
13:14:17.589 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84cd5030]
13:14:17.604 3 CLASSPNP.SYS[82f188b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84b6f8a0]
13:14:17.620 Scan finished successfully
13:14:43.750 Disk 0 MBR has been saved successfully to "C:\Users\Kasey Lamb\Desktop\MBR.dat"
13:14:43.828 The log file has been saved successfully to "C:\Users\Kasey Lamb\Desktop\aswMBRsavelog.txt"
  • 0
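The line the helper reacts to in the log above is "Disk 0 unknown MBR code". The following is an added example, not part of the thread and not code from AVAST or aswMBR: a small Python parser that pulls the fields a malware-removal helper reads first out of an aswMBR log (OS version, disk, MBR verdict, the disk I/O call trace and whether the scan finished) and compares the traced modules against a baseline. The sample log is constructed in the shape of the one posted above; the baseline list of expected modules is an assumption built from the module names that appear in this thread, not a list published by aswMBR, and the "no unknown code reported" status is the example's own inference from the absence of the "unknown MBR code" line.

```python
"""Triage helper for aswMBR log output (added example; assumptions noted inline)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the aswMBR log posted in this thread.
SAMPLE_LOG = """\
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-20 13:11:46
-----------------------------
13:11:46.316 OS Version: Windows 6.0.6002 Service Pack 2
13:11:46.316 ComputerName: KASEYLAMB-PC UserName: Kasey Lamb
13:12:05.457 Initialize success
13:12:08.249 Disk 0 (boot) \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP2T0L0-4
13:12:08.265 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
13:12:10.293 Disk 0 MBR read successfully
13:12:10.293 Disk 0 MBR scan
13:12:10.324 Disk 0 unknown MBR code
13:12:12.352 Disk 0 scanning sectors +234440704
13:12:28.108 Disk 0 trace - called modules:
13:12:28.124 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
13:12:28.186 Scan finished successfully
"""

# Assumed baseline: module names seen in the traces in this thread, lower-cased.
# This is the example's own allowlist, not one shipped by aswMBR.
BASELINE_MODULES = {
    "ntkrnlpa.exe", "classpnp.sys", "disk.sys", "ataport.sys", "hal.dll",
    "pciidex.sys", "msahci.sys", "usbhub.sys", "tcpip.sys", "netio.sys",
}

# Every scan line starts with HH:MM:SS.mmm; banner lines do not.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")


@dataclass
class AswMbrReport:
    os_version: str = ""
    disks: dict = field(default_factory=dict)        # disk index -> vendor/size text
    mbr_status: dict = field(default_factory=dict)   # disk index -> verdict string
    trace_modules: list = field(default_factory=list)
    unexpected_modules: list = field(default_factory=list)
    finished: bool = False


def parse_aswmbr_log(text, baseline=BASELINE_MODULES):
    """Extract the fields a helper looks at first from aswMBR log text."""
    rep = AswMbrReport()
    trace_pending = False  # the module list is on the line after "trace - called modules:"
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(2)
        if trace_pending:
            rep.trace_modules = msg.split()
            trace_pending = False
            continue
        if msg.startswith("OS Version: "):
            rep.os_version = msg[len("OS Version: "):]
        elif (d := re.match(r"Disk (\d+) Vendor: (.*)", msg)):
            rep.disks[int(d.group(1))] = d.group(2)
        elif (d := re.match(r"Disk (\d+) MBR scan$", msg)):
            # Provisional status; overridden if an "unknown MBR code" line follows.
            rep.mbr_status.setdefault(int(d.group(1)), "no unknown code reported")
        elif (d := re.match(r"Disk (\d+) unknown MBR code", msg)):
            rep.mbr_status[int(d.group(1))] = "unknown MBR code"
        elif msg.endswith("trace - called modules:"):
            trace_pending = True
        elif msg == "Scan finished successfully":
            rep.finished = True
    rep.unexpected_modules = [mod for mod in rep.trace_modules
                              if mod.lower() not in baseline]
    return rep


def triage(rep):
    """Return the points worth raising from a parsed report."""
    notes = []
    if not rep.finished:
        notes.append("scan did not finish; results are incomplete")
    for idx, status in sorted(rep.mbr_status.items()):
        if status == "unknown MBR code":
            notes.append(f"disk {idx}: MBR code not recognised by aswMBR; "
                         "compare it against a known-good MBR before rewriting")
    for mod in rep.unexpected_modules:
        notes.append(f"disk I/O trace calls a module outside the baseline: {mod}")
    return notes


if __name__ == "__main__":
    report = parse_aswmbr_log(SAMPLE_LOG)
    print(report.os_version, "|", report.disks.get(0, "?"))
    for note in triage(report):
        print("-", note)
```

Feeding the posted log through this shows one finding, the unrecognised MBR code on disk 0, and a call trace made up entirely of baseline modules; that combination is what led the helper to propose rewriting the MBR rather than chasing a driver.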

#11
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi,

Finally, I have recently started to have an old issue. The sound does not work and says the audio service is not running. Also, it seems as if during normal start the screen is still in safe mode. The icons are larger and there is a simple toolbar as well as no audio.


'Tis unusual. What fixed the audio the first time? Also, what is the make and model of your machine?

:)
  • 0

#12
blakeisamped

blakeisamped

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi,
The audio began to work shortly after we ran OTL the first time with ComboFix. The make and model is a Toshiba Satellite, Model A205-S5825,
and yes, this is very strange. Along with no audio, the taskbar has returned to the default grey bar instead of the Vista blue bar. It seems like it is running in safe mode regardless of startup.
  • 0

#13
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow keys to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter.
  • At the C:\Windows prompt, type the following bolded text, and press Enter:

    fixmbr
  • At the next prompt type the following bolded text, and press Enter:

    exit

Restart into normal mode.

Next

Rerun the aswMBR.exe

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#14
blakeisamped

blakeisamped

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi,
I have tried to locate the Windows Recovery Console, but cannot locate it. I have asked friends and googled it every possible way and cannot find where it is located. Can you please tell me how to get to the Windows Recovery Console. Thanks.
  • 0

#15
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts

Hi,
I have tried to locate the Windows Recovery Console, but cannot locate it. I have asked friends and googled it every possible way and cannot find where it is located. Can you please tell me how to get to the Windows Recovery Console. Thanks.


You can always ask me when you encounter problems following my instructions. Please skip my last instruction and follow this one instead. :unsure:

Try the first method (A) first; if the repair function is not available, then proceed with (B).


A

  • Start the safe mode menu by rebooting and pressing and holding F8
  • Select Repair your computer.
  • Select the operating system you want to repair, and then click Next.
  • Select command prompt
  • Type in the following command

    Bootrec.exe /FixMbr
  • Once finished type Exit


B

Download the recovery console ISO from Here
Also download Imgburn from here and install

Once Imgburn is installed double click the ISO to burn to disc
  • Insert the disc and select start from the cd
  • Select Repair your computer.
  • Select the operating system you want to repair, and then click Next
  • Select command prompt
  • Type in the following command

    Bootrec.exe /FixMbr
  • Once finished type Exit

Allow it to do its thing and then try a reboot to normal windows. Afterwards run an aswMBR scan again.

:)
  • 0
