Need help removing Tidserv Activity 2 [Closed] [Solved]


  • This topic is locked

#106
jaydog11

Here you go.

Attached File: Mini010112-04.zip (42.61KB, 29 downloads)


#107
Essexboy

They appear to be generated by ntoskrnl

So I will look at that file

Download the scan.txt to a usb and use OTL as previously to scan



#108
jaydog11

It seems like it's hung up running the scan. I will try again a little later.

#109
jaydog11

OTL logfile created on: 1/26/2012 4:40:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,007.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 76.00% Memory free
894.00 Mb Paging File | 812.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.97 Gb Free Space | 75.10% Space Free | Partition Type: NTFS
Drive D: | 489.72 Mb Total Space | 28.82 Mb Free Space | 5.89% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (NecUsb)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2009/01/07 21:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/09/02 19:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/01/18 17:18:40 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/12/25 04:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Disabled] -- C:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (usbvideo) USB Video Device (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (smwdm)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (aeaudio)
DRV - [2012/01/02 00:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/12/31 20:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/30 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/30 02:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/30 02:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/30 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/28 19:35:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/21 23:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SymEFA.sys -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SymDS.sys -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/03/01 22:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/25 17:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/01/08 03:11:42 | 000,029,184 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/01/07 18:42:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/28 02:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/30 19:04:16 | 000,409,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/11/13 15:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2004/10/29 21:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/09 13:49:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2004/08/23 14:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/07/22 17:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/02/04 13:27:28 | 000,138,240 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TMicAry.sys -- (TMicAry)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/09/13 01:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Isabel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Isabel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jessica_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Jessica_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\Maria!!_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Maria!!_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Mom_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Mom_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\Show_User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Show_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midwestdrafting.com/
IE - HKU\Show_User_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Show_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Toshiba_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Toshiba_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.Net\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/12/31 23:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_4_3 [2012/01/06 14:49:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/02 17:39:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKU\Show_User_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Toshiba_User_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Toshiba_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\User_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [tabletwizard] File not found
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Isabel_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Jessica_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Maria!!_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Mom_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Show_User_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Toshiba_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Isabel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jessica_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maria!!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mom_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Show_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Show_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Show_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Toshiba_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 15:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 13:34:44 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Show User\Desktop\tdsskiller.exe
[2012/01/06 18:20:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Show User\Desktop\VEW.exe
[2012/01/04 17:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/04 16:27:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2012/01/02 17:01:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/02 16:55:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/02 16:55:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/02 16:55:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/02 16:55:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/02 16:55:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/02 16:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 16:53:39 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 16:53:24 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 14:16:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 11:46:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/02 11:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Desktop\antivirus stuff
[2012/01/02 00:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\Malwarebytes
[2012/01/02 00:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 00:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 00:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/01 23:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 23:57:22 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 23:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My ware
[2012/01/01 23:54:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/01 23:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\My Ware
[2012/01/01 21:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2012/01/01 17:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/01 04:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/01 04:11:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Show User\Recent
[2011/12/31 22:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\My Documents\Symantec
[2011/12/31 20:25:10 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 20:25:10 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 20:24:55 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/12/31 20:24:55 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/12/31 20:24:55 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/12/31 20:24:55 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/12/31 20:24:55 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/12/31 20:24:54 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/12/31 20:24:54 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/12/31 20:24:54 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/12/31 20:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/31 20:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1206000.01D
[2011/12/31 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/12/31 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/31 20:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/31 20:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/31 20:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/31 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Start Menu\Programs\Norton
[2011/12/31 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/31 20:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/01/08 15:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 15:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 16:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 16:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[163 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 18:07:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 18:06:35 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 17:53:47 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2012/01/24 17:53:03 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/01/24 10:55:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 15:50:32 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\seek.bat
[2012/01/08 14:15:58 | 000,028,158 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\safeboot.reg
[2012/01/08 14:08:46 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\seek2.zip
[2012/01/07 16:57:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/07 13:33:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Show User\Desktop\tdsskiller.exe
[2012/01/06 18:20:04 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Show User\Desktop\VEW.exe
[2012/01/06 14:17:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/05 16:38:28 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Show User\NTUSER.bak
[2012/01/03 17:41:32 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 17:18:38 | 000,333,917 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 17:39:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/02 17:02:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 16:47:17 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 16:38:11 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 11:46:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/02 00:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 00:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\My ware
[2012/01/02 00:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 17:39:57 | 001,193,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/01 14:31:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/01/01 04:29:04 | 000,439,186 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-220221.backup
[2011/12/31 20:25:36 | 001,193,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 20:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 20:25:10 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 20:25:10 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 20:25:10 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 20:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[163 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 18:06:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 14:06:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CBCDDEL.BAT
[2012/01/24 14:06:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\BVER.BAT
[2012/01/08 15:50:32 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\seek.bat
[2012/01/08 14:15:58 | 000,028,158 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\safeboot.reg
[2012/01/08 14:15:24 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\seek2.zip
[2012/01/03 17:43:45 | 000,001,571 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 17:20:00 | 000,333,917 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 18:06:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/02 17:01:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/02 17:01:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/02 16:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 16:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 16:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 16:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 16:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 17:39:22 | 001,193,394 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/31 20:25:18 | 001,193,892 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 20:25:10 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 20:25:10 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 20:24:55 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/12/31 20:24:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/12/31 20:24:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/12/31 20:24:29 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/12/31 20:24:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/12/31 20:24:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/12/31 20:24:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/12/31 20:24:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/12/31 20:24:26 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/12/31 20:24:26 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat
[2011/12/31 20:24:26 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/12/31 20:24:26 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/12/31 20:24:26 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/12/31 20:24:26 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/12/31 20:24:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/12/24 13:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 13:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 13:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/24 01:49:27 | 000,013,706 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q
[2011/10/28 14:40:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Maria!!\Local Settings\Application Data\fusioncache.dat
[2011/05/14 23:31:28 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 11:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2011/01/08 20:20:00 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Isabel\Local Settings\Application Data\fusioncache.dat
[2011/01/08 19:50:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2011/01/08 19:47:32 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/02/11 08:59:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 17:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/05 20:21:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/01/04 21:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 20:48:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/04 20:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/22 17:32:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\fusioncache.dat
[2005/09/22 17:32:38 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\Show User\NTUSER.bak
[2005/04/06 01:40:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Toshiba User\Local Settings\Application Data\fusioncache.dat
[2005/04/05 07:28:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2005/02/16 14:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 14:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/16 14:05:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/01/21 14:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 14:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 18:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 18:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 18:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 18:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 18:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 18:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 18:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 17:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 16:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 16:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 16:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 16:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 16:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 16:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 16:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 16:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 15:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 15:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 15:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 15:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 13:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 13:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 13:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 13:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 13:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 13:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 13:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 13:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 13:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 13:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 13:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 13:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 13:03:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 07:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 07:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/09 00:01:05 | 000,000,024 | -HS- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\TabletPlanner.tb4

========== LOP Check ==========

[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2010/01/04 20:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\toshiba
[2011/05/28 16:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\WB09D2SE
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterVideo
[2011/09/01 18:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Software MacKiev
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\toshiba
[2011/05/09 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\WB09D2SE
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterVideo
[2011/04/14 12:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Software MacKiev
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\toshiba
[2011/04/14 12:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WB09D2SE
[2012/01/01 23:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterVideo
[2010/01/07 23:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\toshiba
[2009/10/02 20:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 20:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 01:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 01:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NTOSKRNL.EX_ >
[2004/08/04 07:00:00 | 001,008,941 | ---- | M] () MD5=0E949DAD6920A1D83B64A8457076D366 -- C:\WINDOWS\I386\NTOSKRNL.EX_

< MD5 for: NTOSKRNL.EXE >
[2009/12/09 02:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/14 03:57:54 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2005/03/01 20:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2010/04/27 21:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=472059774023F80EB7227EAF9A7ACDA1 -- C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe
[2005/03/01 19:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2005/03/01 19:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\system32\ntoskrnl.exe
[2010/12/09 08:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\$NtUninstallKB2633171$\ntoskrnl.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe
[2009/08/04 23:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=892CDDFF7EF96951B9B0B50974070E47 -- C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=892CDDFF7EF96951B9B0B50974070E47 -- C:\WINDOWS\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\sp3gdr\ntoskrnl.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=892CDDFF7EF96951B9B0B50974070E47 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2010/04/27 08:50:44 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=A2ABBEC40CDB57454645D06B7EBD22F5 -- C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[2010/12/09 08:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2004/08/04 07:00:00 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
[2010/02/17 11:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=D41C3CBAD0E1C0728D1CDFD541F60CFA -- C:\WINDOWS\$NtUninstallKB981852$\ntoskrnl.exe
[2010/02/16 07:52:12 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=E1F653A542449D54FA2D27463D99B6B6 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2009/02/07 22:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2011/10/25 08:34:49 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=F512C662874D7545E5BD8005E6800A44 -- C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[2011/10/25 08:34:49 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=F512C662874D7545E5BD8005E6800A44 -- C:\WINDOWS\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\sp3qfe\ntoskrnl.exe
[2009/08/04 08:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
< End of report >

#110
Essexboy

OK, let's replace the file with a good copy

Download the attached fix.txt to a USB drive

Start Reatogo desktop
Run OTL
Press the Run Fix button
And load the fix.txt
Press Run Fix again

#111
jaydog11

After I run fix then what should I do?

#112
Essexboy

Try Normal mode again please

#113
jaydog11

Still same problem.

#114
Essexboy

OK I will do a little more research on this... But Reatogo will allow you access to your files and the internet in the meantime

#115
jaydog11

Still can't go online.

Edited by jaydog11, 27 January 2012 - 03:32 PM.



#116
Essexboy

OK, I have found a new analysis tool

Please download FRST to the USB drive
Restart the computer using the OTLPE cd
Once the Reatogo desktop is up
Then navigate to the USB drive and run FRST.exe

  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive.
    Please copy and paste it to your reply.


#117
jaydog11

Here is the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-01-30 11:34:53
Running from D:\Virus removal stuff
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume [271872 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [155648 2004-10-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [126976 2004-10-25] (Intel Corporation)
HKLM\...\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe [258048 2004-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [266240 2004-12-13] (TOSHIBA)
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [135168 2004-09-15] (TOSHIBA Corporation)
HKLM\...\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [126976 2003-01-21] (TOSHIBA Corporation)
HKLM\...\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2004-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run [340032 2004-12-14] (TOSHIBA)
HKLM\...\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon [126976 2005-01-18] (TOSHIBA)
HKLM\...\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service [81920 2004-12-07] (TOSHIBA)
HKLM\...\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client [86016 2003-08-01] (TOSHIBA Corporation)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [147456 2004-11-03] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless [385024 2004-10-15] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [98304 2005-01-07] (Apple Computer, Inc.)
HKLM\...\Run: [TPSODDCtl] TPSODDCtl.exe [x]
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [TFNF5] TFNF5.exe [x]
HKLM\...\Run: [TFncKy] TFncKy.exe [x]
HKLM\...\Run: [000StTHK] 000StTHK.exe [x]
HKLM\...\Run: [AGRSMMSG] AGRSMMSG.exe [x]
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [798720 2005-01-06] (TOSHIBA)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe [16384 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto [158208 2004-08-04] (Microsoft Corporation)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [TabletWizard] %windir%\help\wizard.hta [x]
HKU\Default User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2004-10-13] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Isabel\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Isabel\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Jessica\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Jessica\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Maria!!\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Maria!!\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2004-10-13] (Microsoft Corporation)
HKU\Maria!!\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Mom\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Mom\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Show User\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Show User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Show User\...\Policies\system: [disableregistrytools] 0
HKU\Toshiba User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Toshiba User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2004-10-13] (Microsoft Corporation)
HKU\Toshiba User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2004-10-13] (Microsoft Corporation)
HKU\User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKLM\...\Runonce: [NetFxUpdate_v1.0.3705] "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\NetfxUpdate.exe" 0 v1.0.3705 GAC + NI [x]
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy:
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\IntelWireless: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [X]
Winlogon\Notify\loginkey: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\TabBtnWL: TabBtnWL.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\tpgwlnotify: tpgwlnot.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Lsa: [Notification Packages]

================================ Services (Whitelisted) ==================

4 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [106496 2003-05-23] (Matsushita Electric Industrial Co., Ltd.)
2 Eventlog; C:\Windows\System32\services.exe [108032 2004-08-04] (Microsoft Corporation)
4 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation)
4 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2528960 2006-09-02] (Symantec Corporation)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
4 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation)
4 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation )
2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
4 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [172032 2004-12-25] (TOSHIBA Corporation)
4 Tmesbs; "C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service [86016 2003-08-01] (TOSHIBA Corporation)
4 Tmesrv; "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service [126976 2005-01-18] (TOSHIBA)
2 uploadmgr; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 NecUsb; C:\WINDOWS\system32\NUSB3w32.dll [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
4 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]

========================== Drivers (Whitelisted) =============

0 a347bus; C:\Windows\System32\DRIVERS\a347bus.sys [158720 2004-08-23] ( )
0 a347scsi; C:\Windows\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( )
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17119 2011-06-11] (Meetinghouse Data Communications)
3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1268234 2004-07-22] (Agere Systems)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [101833 2004-05-08] (Alps Electric Co., Ltd.)
2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-01-07] (Windows ® 2000 DDK provider)
1 BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [819320 2011-12-21] (Symantec Corporation)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-12-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2011-12-30] (Symantec Corporation)
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2012-01-02] (Symantec Corporation)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [751933 2004-10-25] (Intel Corporation)
3 IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSxpx86.sys [356280 2011-12-28] (Symantec Corporation)
3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider)
1 meiudf; C:\Windows\System32\Drivers\meiudf.sys [90480 2004-01-30] (Matsushita Electric Industrial Co.,Ltd.)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [30576 2010-03-01] (Microsoft Corporation)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
3 NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVENG.SYS [86136 2011-12-30] (Symantec Corporation)
3 NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVEX15.SYS [1576312 2011-12-30] (Symantec Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2004-08-04] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation)
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
1 SRTSP; C:\Windows\System32\drivers\NIS\1206000.01D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NIS\1206000.01D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1206000.01D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1206000.01D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [126584 2011-12-31] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NIS\1206000.01D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\drivers\NIS\1206000.01D\SYMTDI.SYS [369784 2011-03-21] (Symantec Corporation)
2 TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys [6867 2003-06-11] ()
3 TBtnKey; C:\Windows\System32\DRIVERS\TBtnKey.sys [8832 2002-09-13] (TOSHIBA)
3 TEchoCan; C:\Windows\System32\DRIVERS\TEchoCan.sys [409984 2004-11-30] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [16384 2004-12-28] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6144 2004-11-13] (TOSHIBA Corporation)
1 TMEI3E; C:\Windows\System32\Drivers\TMEI3E.SYS [5888 2004-06-16] (Toshiba Corporation)
3 TMicAry; C:\Windows\System32\DRIVERS\TMicAry.sys [138240 2004-02-04] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ.SYS [9216 2004-09-09] (TOSHIBA Corporation)
3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29184 2005-01-08] (TOSHIBA Corporation)
3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
3 aeaudio; C:\Windows\System32\drivers\aeaudio.sys [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\SHOWUS~1\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
3 smwdm; C:\Windows\System32\drivers\smwdm.sys [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [x]
4 ViaIde; [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-25 16:51 - 2012-01-26 16:48 - 0098122 ____A C:\OTL.Txt
2012-01-24 18:06 - 2012-01-24 18:06 - 0003151 ____A C:\Windows\System32\spupdsvc.inf
2012-01-24 18:02 - 2012-01-24 18:02 - 0000183 ____A C:\Windows\spupdsvc.log
2012-01-24 18:02 - 2012-01-24 18:02 - 0000160 ____A C:\Windows\System32\spdwnwxp.log
2012-01-24 17:53 - 2012-01-24 18:00 - 0069374 ____A C:\Windows\updspapi.log
2012-01-24 17:45 - 2012-01-24 17:45 - 0000234 ____A C:\Windows\cmsetacl.log
2012-01-24 17:45 - 2012-01-24 17:45 - 0000127 ____A C:\Windows\DtcInstall.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0458207 ____A C:\Windows\spuninst.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0006688 ____A C:\Windows\iis6.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0002821 ____A C:\Windows\tsoc.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0002053 ____A C:\Windows\comsetup.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0001374 ____A C:\Windows\imsins.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0001245 ____A C:\Windows\ntdtcsetup.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0000342 ____A C:\Windows\ocmsn.log
2012-01-24 17:38 - 2012-01-24 18:06 - 0000311 ____A C:\Windows\tabletoc.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0006158 ____A C:\Windows\FaxSetup.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0002956 ____A C:\Windows\ocgen.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0001904 ____A C:\Windows\msmqinst.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0001083 ____A C:\Windows\netfxocm.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000425 ____A C:\Windows\MedCtrOC.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000309 ____A C:\Windows\msgsocm.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000000 ____A C:\Windows\setuperr.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000000 ____A C:\Windows\setupact.log
2012-01-24 14:06 - 2006-02-06 14:20 - 0000128 ____A C:\Windows\BVER.BAT
2012-01-24 14:06 - 2001-11-06 17:15 - 0000173 ____A C:\Windows\CBCDDEL.BAT
2012-01-08 15:50 - 2012-01-08 15:50 - 0000253 ____A C:\Documents and Settings\Show User\Desktop\seek.bat
2012-01-08 14:15 - 2012-01-08 14:15 - 0028158 ____A C:\Documents and Settings\Show User\Desktop\safeboot.reg
2012-01-08 14:15 - 2012-01-08 14:08 - 0000260 ____A C:\Documents and Settings\Show User\Desktop\seek2.zip
2012-01-07 13:34 - 2012-01-07 13:54 - 0067214 ____A C:\TDSSKiller.2.6.25.0_07.01.2012_12.34.47_log.txt
2012-01-07 13:34 - 2012-01-07 13:33 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Show User\Desktop\tdsskiller.exe
2012-01-06 18:21 - 2012-01-06 18:22 - 0006887 ____A C:\VEW.txt
2012-01-06 18:20 - 2012-01-06 18:20 - 0061440 ____A ( ) C:\Documents and Settings\Show User\Desktop\VEW.exe
2012-01-05 16:38 - 2012-01-05 16:38 - 0020480 ___AH C:\Documents and Settings\Show User\NTUSER.tmp.LOG
2012-01-03 17:46 - 2012-01-03 17:46 - 0010668 ____A C:\MyNICDetails.txt
2012-01-03 17:43 - 2012-01-03 17:41 - 0001571 ____A C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
2012-01-03 17:20 - 2012-01-03 17:18 - 0333917 ____A C:\Documents and Settings\Show User\Desktop\FSS.exe
2012-01-03 17:09 - 2012-01-03 17:20 - 0007721 ____A C:\Documents and Settings\Show User\resetlog.txt
2012-01-03 17:01 - 2012-01-03 17:01 - 0013775 ____A C:\ComboFix.txt
2012-01-02 18:06 - 2012-01-06 14:17 - 0000512 ____A C:\Documents and Settings\Show User\Desktop\MBR.dat
2012-01-02 17:36 - 2012-01-05 16:38 - 0049152 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-01-02 17:36 - 2012-01-05 16:38 - 0008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2012-01-02 17:36 - 2012-01-05 16:38 - 0001024 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-01-02 17:36 - 2012-01-02 17:36 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2012-01-02 17:36 - 2012-01-02 17:36 - 0000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-01-02 17:01 - 2012-01-02 17:01 - 0000000 RASHD C:\cmdcons
2012-01-02 17:01 - 2011-01-09 21:46 - 0000211 ____A C:\Boot.bak
2012-01-02 17:01 - 2004-08-04 00:00 - 0260272 _RASH C:\cmldr
2012-01-02 16:55 - 2012-01-03 17:01 - 0000000 ____D C:\Qoobox
2012-01-02 16:55 - 2012-01-02 17:44 - 0000000 ____D C:\Windows\ERDNT
2012-01-02 16:55 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-02 16:55 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-02 16:55 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-02 16:55 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-02 16:55 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-02 16:55 - 2000-08-30 19:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-01-02 16:55 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-02 16:55 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-02 16:55 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-02 16:53 - 2012-01-02 16:47 - 4702720 ____A (AVAST Software) C:\Documents and Settings\Show User\Desktop\aswMBR.exe
2012-01-02 16:53 - 2012-01-02 16:38 - 4360898 ____R (Swearware) C:\Documents and Settings\Show User\Desktop\ComboFix.exe
2012-01-02 14:16 - 2012-01-02 14:16 - 0000000 ____D C:\_OTL
2012-01-02 11:46 - 2012-01-02 11:46 - 0584192 ____A (OldTimer Tools) C:\Documents and Settings\Show User\Desktop\OTL.exe
2012-01-02 11:33 - 2012-01-02 11:38 - 0000000 ____D C:\Documents and Settings\Show User\Desktop\antivirus stuff
2012-01-02 00:22 - 2012-01-02 00:22 - 0001830 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_23.22.37_log.txt
2012-01-02 00:19 - 2012-01-02 00:30 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 00:19 - 2012-01-02 00:19 - 0000000 ____D C:\Documents and Settings\Show User\Application Data\Malwarebytes
2012-01-02 00:19 - 2012-01-02 00:19 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-01 23:57 - 2012-01-02 00:02 - 0026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-01-01 23:57 - 2012-01-01 23:57 - 0000000 ____D C:\Documents and Settings\Show User\Application Data\FixTDSS
2012-01-01 23:54 - 2012-01-02 00:17 - 0000000 ____D C:\Program Files\My Ware
2012-01-01 23:54 - 2011-12-10 16:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-01-01 23:44 - 2012-01-01 23:45 - 0057642 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_22.44.24_log.txt
2012-01-01 23:02 - 2012-01-01 04:29 - 0439186 ___RA C:\Windows\System32\Drivers\etc\hosts.20120101-220221.backup
2012-01-01 21:06 - 2012-01-01 21:06 - 0000000 ____D C:\Documents and Settings\Show User\Application Data\FixZeroAccess
2012-01-01 17:39 - 2012-01-01 17:39 - 1193394 ____A C:\Windows\System32\Drivers\Cat.DB
2012-01-01 17:35 - 2012-01-01 21:00 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2012-01-01 17:15 - 2012-01-01 17:17 - 0057666 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_16.15.50_log.txt
2012-01-01 14:45 - 2012-01-24 18:03 - 0129804 ____A C:\Windows\setupapi.log
2012-01-01 13:45 - 2012-01-01 13:47 - 0048000 ____A C:\TDSSKiller.2.4.2.0_01.01.2012_12.45.19_log.txt
2012-01-01 11:28 - 2012-01-24 17:35 - 5460910 ____A C:\Windows\ntbtlog.txt
2012-01-01 11:28 - 2012-01-01 11:28 - 0094208 ____A C:\Windows\Minidump\Mini010112-04.dmp
2012-01-01 11:27 - 2012-01-01 11:27 - 0094208 ____A C:\Windows\Minidump\Mini010112-03.dmp
2012-01-01 04:43 - 2012-01-01 04:42 - 0094208 ____A C:\Windows\Minidump\Mini010112-02.dmp
2012-01-01 04:40 - 2012-01-01 04:40 - 0094208 ____A C:\Windows\Minidump\Mini010112-01.dmp
2012-01-01 04:40 - 2012-01-01 04:40 - 0000000 ____D C:\Windows\Minidump
2012-01-01 04:35 - 2012-01-24 18:07 - 0081911 ____A C:\Windows\WindowsUpdate.log
2012-01-01 04:29 - 2012-01-02 17:39 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-01 04:26 - 2012-01-01 04:26 - 1048575 ____A C:\immudebug.log
2012-01-01 03:38 - 2012-01-01 03:39 - 0048004 ____A C:\TDSSKiller.2.4.2.0_01.01.2012_02.38.14_log.txt
2012-01-01 00:52 - 2012-01-01 00:52 - 0001980 ____A C:\TDSSKiller.2.4.2.0_31.12.2011_23.52.21_log.txt
2011-12-31 23:36 - 2011-12-31 23:37 - 0048004 ____A C:\TDSSKiller.2.4.2.0_31.12.2011_22.36.29_log.txt
2011-12-31 22:04 - 2011-12-31 22:04 - 0000000 ____D C:\Documents and Settings\Show User\My Documents\Symantec
2011-12-31 20:25 - 2011-12-31 20:25 - 0126584 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2011-12-31 20:25 - 2011-12-31 20:25 - 0060872 ____A (Symantec Corporation) C:\Windows\System32\S32EVNT1.DLL
2011-12-31 20:25 - 2011-12-31 20:25 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2011-12-31 20:25 - 2011-12-31 20:25 - 0000806 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2011-12-31 20:24 - 2011-12-31 20:24 - 0000000 ____D C:\Windows\System32\Drivers\NIS
2011-12-31 20:24 - 2011-12-31 20:24 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-12-31 20:24 - 2011-12-31 20:24 - 0000000 ____D C:\Program Files\Norton Internet Security
2011-12-31 20:22 - 2011-12-31 20:22 - 0000000 ____D C:\Program Files\NortonInstaller
2011-12-31 20:17 - 2011-12-31 20:17 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NortonInstaller
2011-12-31 20:07 - 2011-12-31 22:04 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2011-12-31 20:07 - 2011-12-31 20:07 - 0000000 ____D C:\Documents and Settings\All Users\Documents\Norton


============ 3 Months Modified Files and Folders ===============

2012-01-30 11:34 - 2012-01-30 11:34 - 0000000 ____D C:\FRST
2012-01-26 16:48 - 2012-01-25 16:51 - 0098122 ____A C:\OTL.Txt
2012-01-24 18:07 - 2012-01-01 04:35 - 0081911 ____A C:\Windows\WindowsUpdate.log
2012-01-24 18:07 - 2005-09-22 17:32 - 0000278 __ASH C:\Documents and Settings\Show User\ntuser.ini
2012-01-24 18:06 - 2012-01-24 18:06 - 0003151 ____A C:\Windows\System32\spupdsvc.inf
2012-01-24 18:06 - 2012-01-24 17:38 - 0458207 ____A C:\Windows\spuninst.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0006688 ____A C:\Windows\iis6.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0002821 ____A C:\Windows\tsoc.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0002053 ____A C:\Windows\comsetup.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0001374 ____A C:\Windows\imsins.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0001245 ____A C:\Windows\ntdtcsetup.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0000342 ____A C:\Windows\ocmsn.log
2012-01-24 18:06 - 2012-01-24 17:38 - 0000311 ____A C:\Windows\tabletoc.log
2012-01-24 18:06 - 2010-01-04 21:10 - 0000000 ____D C:\Windows\ServicePackFiles
2012-01-24 18:06 - 2010-01-04 20:48 - 0000000 ___DC C:\Windows\$NtServicePackUninstall$
2012-01-24 18:06 - 2005-09-22 17:32 - 0000000 ____D C:\Documents and Settings\Show User\Local Settings\Application Data\ApplicationHistory
2012-01-24 18:03 - 2012-01-01 14:45 - 0129804 ____A C:\Windows\setupapi.log
2012-01-24 18:02 - 2012-01-24 18:02 - 0000183 ____A C:\Windows\spupdsvc.log
2012-01-24 18:02 - 2012-01-24 18:02 - 0000160 ____A C:\Windows\System32\spdwnwxp.log
2012-01-24 18:00 - 2012-01-24 17:53 - 0069374 ____A C:\Windows\updspapi.log
2012-01-24 18:00 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\System32\usmt
2012-01-24 17:59 - 2005-01-07 15:36 - 0000000 ____D C:\Windows\System32\Restore
2012-01-24 17:59 - 2005-01-07 15:33 - 0000000 ____D C:\Windows\System32\Com
2012-01-24 17:59 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\System32\npp
2012-01-24 17:55 - 2005-01-07 15:36 - 0000000 ____D C:\Windows\srchasst
2012-01-24 17:55 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\system
2012-01-24 17:55 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\PeerNet
2012-01-24 17:55 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\mui
2012-01-24 17:55 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\msagent
2012-01-24 17:55 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\ime
2012-01-24 17:54 - 2005-01-07 15:36 - 0000000 ____D C:\Program Files\Outlook Express
2012-01-24 17:54 - 2005-01-07 15:36 - 0000000 ____D C:\Program Files\NetMeeting
2012-01-24 17:54 - 2005-01-07 15:36 - 0000000 ____D C:\Program Files\Movie Maker
2012-01-24 17:54 - 2005-01-07 15:36 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-24 17:54 - 2005-01-07 15:33 - 0000000 ____D C:\Program Files\Windows NT
2012-01-24 17:54 - 2005-01-07 15:33 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-24 17:54 - 2005-01-07 15:33 - 0000000 ____D C:\Program Files\Messenger
2012-01-24 17:54 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\Help
2012-01-24 17:53 - 2005-01-07 13:04 - 0250032 _RASH C:\ntldr
2012-01-24 17:53 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\System32\inetsrv
2012-01-24 17:52 - 2010-01-04 21:15 - 0000000 ____D C:\Windows\System32\bits
2012-01-24 17:45 - 2012-01-24 17:45 - 0000234 ____A C:\Windows\cmsetacl.log
2012-01-24 17:45 - 2012-01-24 17:45 - 0000127 ____A C:\Windows\DtcInstall.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0006158 ____A C:\Windows\FaxSetup.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0002956 ____A C:\Windows\ocgen.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0001904 ____A C:\Windows\msmqinst.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0001083 ____A C:\Windows\netfxocm.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000425 ____A C:\Windows\MedCtrOC.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000309 ____A C:\Windows\msgsocm.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000000 ____A C:\Windows\setuperr.log
2012-01-24 17:38 - 2012-01-24 17:38 - 0000000 ____A C:\Windows\setupact.log
2012-01-24 17:35 - 2012-01-01 11:28 - 5460910 ____A C:\Windows\ntbtlog.txt
2012-01-24 17:35 - 2005-09-22 17:32 - 0000062 __ASH C:\Documents and Settings\Show User\Local Settings\desktop.ini
2012-01-24 17:34 - 2005-01-07 15:43 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-01-24 10:55 - 2005-01-07 13:03 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-01-08 15:50 - 2012-01-08 15:50 - 0000253 ____A C:\Documents and Settings\Show User\Desktop\seek.bat
2012-01-08 14:15 - 2012-01-08 14:15 - 0028158 ____A C:\Documents and Settings\Show User\Desktop\safeboot.reg
2012-01-08 14:08 - 2012-01-08 14:15 - 0000260 ____A C:\Documents and Settings\Show User\Desktop\seek2.zip
2012-01-07 16:57 - 2005-01-07 13:04 - 0000327 _RASH C:\boot.ini
2012-01-07 16:57 - 2005-01-07 13:03 - 0000968 ____A C:\Windows\win.ini
2012-01-07 16:57 - 2005-01-07 13:03 - 0000327 ____A C:\Windows\system.ini
2012-01-07 13:54 - 2012-01-07 13:34 - 0067214 ____A C:\TDSSKiller.2.6.25.0_07.01.2012_12.34.47_log.txt
2012-01-07 13:33 - 2012-01-07 13:34 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Show User\Desktop\tdsskiller.exe
2012-01-06 18:22 - 2012-01-06 18:21 - 0006887 ____A C:\VEW.txt
2012-01-06 18:20 - 2012-01-06 18:20 - 0061440 ____A ( ) C:\Documents and Settings\Show User\Desktop\VEW.exe
2012-01-06 16:05 - 2010-03-08 20:13 - 0000214 ____A C:\Windows\wiadebug.log
2012-01-06 16:05 - 2005-01-07 15:43 - 0032600 ____A C:\Windows\SchedLgU.Txt
2012-01-06 16:05 - 2005-01-07 15:43 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-06 14:49 - 2005-01-07 16:42 - 0003628 ____A C:\Windows\ModemLog_TOSHIBA Software Modem.txt
2012-01-06 14:48 - 2010-03-08 20:13 - 0000048 ____A C:\Windows\wiaservc.log
2012-01-06 14:48 - 2005-01-07 15:43 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-01-06 14:17 - 2012-01-02 18:06 - 0000512 ____A C:\Documents and Settings\Show User\Desktop\MBR.dat
2012-01-05 16:38 - 2012-01-05 16:38 - 0020480 ___AH C:\Documents and Settings\Show User\NTUSER.tmp.LOG
2012-01-05 16:38 - 2012-01-02 17:36 - 0049152 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-01-05 16:38 - 2012-01-02 17:36 - 0008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2012-01-05 16:38 - 2012-01-02 17:36 - 0001024 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-01-05 16:38 - 2005-09-22 17:32 - 3145728 ___AH C:\Documents and Settings\Show User\NTUSER.bak
2012-01-05 16:38 - 2005-01-07 07:27 - 6553600 ____A C:\Windows\System32\config\system.bak
2012-01-05 16:38 - 2005-01-07 07:27 - 29360128 ____A C:\Windows\System32\config\software.bak
2012-01-05 16:38 - 2005-01-07 07:27 - 0303104 ____A C:\Windows\System32\config\default.bak
2012-01-05 16:38 - 2005-01-07 07:27 - 0053248 ____A C:\Windows\System32\config\SECURITY.bak
2012-01-05 16:38 - 2005-01-07 07:27 - 0032768 ____A C:\Windows\System32\config\SAM.bak
2012-01-04 16:27 - 2005-01-07 15:43 - 0000000 __SHD C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
2012-01-03 17:46 - 2012-01-03 17:46 - 0010668 ____A C:\MyNICDetails.txt
2012-01-03 17:41 - 2012-01-03 17:43 - 0001571 ____A C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
2012-01-03 17:20 - 2012-01-03 17:09 - 0007721 ____A C:\Documents and Settings\Show User\resetlog.txt
2012-01-03 17:18 - 2012-01-03 17:20 - 0333917 ____A C:\Documents and Settings\Show User\Desktop\FSS.exe
2012-01-03 17:02 - 2005-09-22 17:32 - 0000000 __SHD C:\Documents and Settings\Show User\Local Settings\Temporary Internet Files
2012-01-03 17:01 - 2012-01-03 17:01 - 0013775 ____A C:\ComboFix.txt
2012-01-03 17:01 - 2012-01-02 16:55 - 0000000 ____D C:\Qoobox
2012-01-02 17:44 - 2012-01-02 16:55 - 0000000 ____D C:\Windows\ERDNT
2012-01-02 17:39 - 2012-01-01 04:29 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-02 17:36 - 2012-01-02 17:36 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2012-01-02 17:36 - 2012-01-02 17:36 - 0000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-01-02 17:02 - 2011-12-24 13:32 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-01-02 17:01 - 2012-01-02 17:01 - 0000000 RASHD C:\cmdcons
2012-01-02 16:47 - 2012-01-02 16:53 - 4702720 ____A (AVAST Software) C:\Documents and Settings\Show User\Desktop\aswMBR.exe
2012-01-02 16:38 - 2012-01-02 16:53 - 4360898 ____R (Swearware) C:\Documents and Settings\Show User\Desktop\ComboFix.exe
2012-01-02 16:19 - 2005-01-07 15:43 - 0000000 __SHD C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
2012-01-02 14:32 - 2005-04-06 01:40 - 0000000 ___SD C:\Documents and Settings\Toshiba User\Local Settings\Temporary Internet Files
2012-01-02 14:32 - 2005-04-05 07:27 - 0000000 ___SD C:\Documents and Settings\User\Local Settings\Temporary Internet Files
2012-01-02 14:30 - 2011-01-08 19:50 - 0000000 __SHD C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files
2012-01-02 14:24 - 2011-10-28 14:40 - 0000000 __SHD C:\Documents and Settings\Maria!!\Local Settings\Temporary Internet Files
2012-01-02 14:24 - 2011-01-08 19:47 - 0000000 __SHD C:\Documents and Settings\Jessica\Local Settings\Temporary Internet Files
2012-01-02 14:18 - 2011-01-08 20:19 - 0000000 __SHD C:\Documents and Settings\Isabel\Local Settings\Temporary Internet Files
2012-01-02 14:16 - 2012-01-02 14:16 - 0000000 ____D C:\_OTL
2012-01-02 14:16 - 2005-01-07 15:43 - 0000000 ___SD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-01-02 14:16 - 2005-01-07 07:28 - 0000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2012-01-02 11:46 - 2012-01-02 11:46 - 0584192 ____A (OldTimer Tools) C:\Documents and Settings\Show User\Desktop\OTL.exe
2012-01-02 11:38 - 2012-01-02 11:33 - 0000000 ____D C:\Documents and Settings\Show User\Desktop\antivirus stuff
2012-01-02 00:30 - 2012-01-02 00:19 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 00:22 - 2012-01-02 00:22 - 0001830 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_23.22.37_log.txt
2012-01-02 00:19 - 2012-01-02 00:19 - 0000000 ____D C:\Documents and Settings\Show User\Application Data\Malwarebytes
2012-01-02 00:19 - 2012-01-02 00:19 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-02 00:17 - 2012-01-01 23:54 - 0000000 ____D C:\Program Files\My Ware
2012-01-02 00:02 - 2012-01-01 23:57 - 0026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-01-01 23:57 - 2012-01-01 23:57 - 0000000 ____D C:\Documents and Settings\Show User\Application Data\FixTDSS
2012-01-01 23:45 - 2012-01-01 23:44 - 0057642 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_22.44.24_log.txt
2012-01-01 21:06 - 2012-01-01 21:06 - 0000000 ____D C:\Documents and Settings\Show User\Application Data\FixZeroAccess
2012-01-01 21:00 - 2012-01-01 17:35 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2012-01-01 17:39 - 2012-01-01 17:39 - 1193394 ____A C:\Windows\System32\Drivers\Cat.DB
2012-01-01 17:17 - 2012-01-01 17:15 - 0057666 ____A C:\TDSSKiller.2.6.25.0_01.01.2012_16.15.50_log.txt
2012-01-01 14:31 - 2005-01-07 07:28 - 0000000 ___RD C:\Documents and Settings\All Users\Start Menu
2012-01-01 14:30 - 2005-01-07 18:42 - 0000000 ____D C:\Windows\occache
2012-01-01 14:26 - 2010-06-08 20:22 - 0000000 ____D C:\Program Files\x MB Anti-Malware
2012-01-01 13:47 - 2012-01-01 13:45 - 0048000 ____A C:\TDSSKiller.2.4.2.0_01.01.2012_12.45.19_log.txt
2012-01-01 11:28 - 2012-01-01 11:28 - 0094208 ____A C:\Windows\Minidump\Mini010112-04.dmp
2012-01-01 11:27 - 2012-01-01 11:27 - 0094208 ____A C:\Windows\Minidump\Mini010112-03.dmp
2012-01-01 04:42 - 2012-01-01 04:43 - 0094208 ____A C:\Windows\Minidump\Mini010112-02.dmp
2012-01-01 04:40 - 2012-01-01 04:40 - 0094208 ____A C:\Windows\Minidump\Mini010112-01.dmp
2012-01-01 04:40 - 2012-01-01 04:40 - 0000000 ____D C:\Windows\Minidump
2012-01-01 04:29 - 2012-01-01 23:02 - 0439186 ___RA C:\Windows\System32\Drivers\etc\hosts.20120101-220221.backup
2012-01-01 04:26 - 2012-01-01 04:26 - 1048575 ____A C:\immudebug.log
2012-01-01 03:39 - 2012-01-01 03:38 - 0048004 ____A C:\TDSSKiller.2.4.2.0_01.01.2012_02.38.14_log.txt
2012-01-01 00:52 - 2012-01-01 00:52 - 0001980 ____A C:\TDSSKiller.2.4.2.0_31.12.2011_23.52.21_log.txt
2011-12-31 23:37 - 2011-12-31 23:36 - 0048004 ____A C:\TDSSKiller.2.4.2.0_31.12.2011_22.36.29_log.txt
2011-12-31 22:04 - 2011-12-31 22:04 - 0000000 ____D C:\Documents and Settings\Show User\My Documents\Symantec
2011-12-31 22:04 - 2011-12-31 20:07 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2011-12-31 22:04 - 2005-09-22 17:32 - 0000000 ___RD C:\Documents and Settings\Show User\My Documents
2011-12-31 21:44 - 2010-01-04 20:42 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-31 20:25 - 2011-12-31 20:25 - 0126584 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2011-12-31 20:25 - 2011-12-31 20:25 - 0060872 ____A (Symantec Corporation) C:\Windows\System32\S32EVNT1.DLL
2011-12-31 20:25 - 2011-12-31 20:25 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2011-12-31 20:25 - 2011-12-31 20:25 - 0000806 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2011-12-31 20:25 - 2010-01-04 20:42 - 0000000 ____D C:\Program Files\Symantec
2011-12-31 20:24 - 2011-12-31 20:24 - 0000000 ____D C:\Windows\System32\Drivers\NIS
2011-12-31 20:24 - 2011-12-31 20:24 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-12-31 20:24 - 2011-12-31 20:24 - 0000000 ____D C:\Program Files\Norton Internet Security
2011-12-31 20:22 - 2011-12-31 20:22 - 0000000 ____D C:\Program Files\NortonInstaller
2011-12-31 20:17 - 2011-12-31 20:17 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NortonInstaller
2011-12-31 20:07 - 2011-12-31 20:07 - 0000000 ____D C:\Documents and Settings\All Users\Documents\Norton
2011-12-31 20:06 - 2005-01-07 18:57 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2011-12-31 16:13 - 2010-01-05 20:23 - 0000000 ____D C:\Program Files\Yahoo!
2011-12-31 16:08 - 2010-01-05 20:23 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2011-12-27 11:32 - 2011-01-08 19:47 - 0000278 __ASH C:\Documents and Settings\Jessica\ntuser.ini
2011-12-27 11:19 - 2011-01-08 19:47 - 0000062 __ASH C:\Documents and Settings\Jessica\Local Settings\desktop.ini
2011-12-27 01:28 - 2011-12-27 01:28 - 0000000 ____D C:\Program Files\MTA
2011-12-27 01:28 - 2011-12-27 01:28 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Vivitar
2011-12-27 01:28 - 2011-12-25 13:45 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
2011-12-27 01:28 - 2011-12-25 13:44 - 0000000 ____D C:\Program Files\V25
2011-12-27 01:28 - 2005-01-07 07:22 - 0000000 ____D C:\Windows\twain_32
2011-12-26 15:13 - 2011-01-08 19:50 - 0000278 __ASH C:\Documents and Settings\Mom\ntuser.ini
2011-12-26 11:34 - 2011-01-08 19:50 - 0000062 __ASH C:\Documents and Settings\Mom\Local Settings\desktop.ini
2011-12-25 14:37 - 2011-01-08 20:19 - 0000000 ___RD C:\Documents and Settings\Isabel\My Documents\My Pictures
2011-12-25 14:28 - 2011-12-25 13:45 - 0000000 ____D C:\Documents and Settings\Show User\Local Settings\Application Data\Vivitar Experience Image Manager
2011-12-25 14:23 - 2011-12-25 14:23 - 0004096 __ASH C:\Documents and Settings\Isabel\My Documents\Thumbs.db
2011-12-25 14:23 - 2011-01-08 20:19 - 0000000 ___RD C:\Documents and Settings\Isabel\My Documents
2011-12-25 13:44 - 2011-12-25 13:44 - 0000000 ____D C:\Program Files\Haali
2011-12-24 16:27 - 2005-01-07 15:43 - 0000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2011-12-24 16:26 - 2010-12-15 14:51 - 0000000 __HDC C:\Windows\$NtUninstallKB2467659$
2011-12-24 13:12 - 2011-12-24 13:12 - 0103733 ____A C:\Windows\System32\itusbcore.dat
2011-12-24 13:12 - 2011-12-24 13:12 - 0000197 ____A C:\Windows\System32\itlsvc.dat
2011-12-24 02:23 - 2011-12-24 02:23 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2011-12-24 02:23 - 2011-12-24 02:23 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2011-12-24 02:23 - 2011-12-24 01:49 - 0013706 __ASH C:\Documents and Settings\Mom\Local Settings\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q
2011-12-24 01:49 - 2011-12-17 20:36 - 0000000 ____D C:\My Documents
2011-12-24 01:49 - 2011-01-08 19:50 - 0000000 ___HD C:\Documents and Settings\Mom\Templates
2011-12-23 22:22 - 2011-01-08 20:19 - 0000278 __ASH C:\Documents and Settings\Isabel\ntuser.ini
2011-12-23 13:24 - 2011-01-08 19:47 - 0000000 ___RD C:\Documents and Settings\Jessica\My Documents\My Pictures
2011-12-22 21:24 - 2011-05-14 23:31 - 0007168 ____A C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-19 18:48 - 2011-09-15 15:48 - 0000000 ____D C:\Documents and Settings\All Users\Documents\TT Math 3
2011-12-19 18:02 - 2011-01-08 20:20 - 0000062 __ASH C:\Documents and Settings\Isabel\Local Settings\desktop.ini
2011-12-17 20:24 - 2011-10-28 14:40 - 0000178 __ASH C:\Documents and Settings\Maria!!\ntuser.ini
2011-12-17 18:09 - 2011-10-28 14:40 - 0000000 ___RD C:\Documents and Settings\Maria!!\My Documents\My Pictures
2011-12-17 18:03 - 2011-10-28 14:40 - 0000062 __ASH C:\Documents and Settings\Maria!!\Local Settings\desktop.ini
2011-12-16 16:24 - 2011-12-16 16:24 - 0052504 ____A C:\Documents and Settings\Maria!!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-12-15 08:30 - 2005-01-07 07:28 - 0526576 ___AC C:\Windows\System32\PerfStringBackup.INI
2011-12-14 15:21 - 2005-01-07 07:27 - 0223224 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 00:10 - 2011-12-14 00:10 - 0000000 __HDC C:\Windows\$NtUninstallKB2639417$
2011-12-14 00:10 - 2011-12-14 00:10 - 0000000 __HDC C:\Windows\$NtUninstallKB2624667$
2011-12-14 00:05 - 2005-09-22 17:25 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-14 00:03 - 2011-12-14 00:03 - 0000000 __HDC C:\Windows\$NtUninstallKB2633952$
2011-12-14 00:03 - 2010-01-04 22:48 - 0029298 ____A C:\Windows\System32\TZLog.log
2011-12-14 00:01 - 2011-12-14 00:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2633171$
2011-12-14 00:01 - 2011-12-14 00:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2620712$
2011-12-14 00:01 - 2011-12-14 00:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2619339$
2011-12-14 00:01 - 2011-12-14 00:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2618451$
2011-12-14 00:01 - 2005-01-07 18:34 - 0000000 ___HD C:\Windows\$hf_mig$
2011-12-10 19:07 - 2011-12-10 19:07 - 0000000 ____D C:\Documents and Settings\Maria!!\Application Data\Macromedia
2011-12-10 19:07 - 2011-10-28 14:40 - 0000000 ____D C:\Documents and Settings\Maria!!\Application Data\Adobe
2011-12-10 19:06 - 2011-12-10 19:06 - 0000000 ____D C:\Documents and Settings\Maria!!\Local Settings\Application Data\Yahoo
2011-12-10 19:05 - 2011-12-10 19:05 - 0000000 ____D C:\Documents and Settings\Maria!!\Application Data\Yahoo!
2011-12-10 16:24 - 2012-01-01 23:54 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 12:43 - 2000-01-09 00:01 - 0052504 ____A C:\Documents and Settings\Show User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-12-06 10:50 - 2011-01-08 19:50 - 0000000 ___RD C:\Documents and Settings\Mom\My Documents\My Pictures
2011-11-29 18:24 - 2011-09-19 19:56 - 0000000 ____D C:\Documents and Settings\All Users\Documents\TT Math 7
2011-11-23 08:25 - 2009-08-14 08:21 - 1859584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2011-11-23 08:25 - 2005-01-07 13:03 - 1859584 ____N (Microsoft Corporation) C:\Windows\System32\_000106_.tmp.dll
2011-11-16 16:42 - 2011-01-08 19:47 - 0000000 ___RD C:\Documents and Settings\Jessica\My Documents
2011-11-12 09:30 - 2011-11-12 09:30 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
2011-11-10 04:08 - 2011-11-10 04:08 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2011-11-06 14:01 - 2010-12-31 13:58 - 0000000 ___RD C:\Documents and Settings\Show User\My Documents\My Pictures
2011-11-04 10:16 - 2009-10-29 14:08 - 3616256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2011-11-04 10:16 - 2005-01-07 13:03 - 3616256 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2010-01-04 20:48] - [2004-08-04 07:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== Restore Points (XP) =====================

RP: -> 2012-01-06 15:06 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP9

RP: -> 2012-01-06 14:32 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP8

RP: -> 2012-01-06 14:28 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP7

RP: -> 2012-01-06 14:22 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP6

RP: -> 2012-01-05 17:19 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP5

RP: -> 2012-01-04 13:42 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP4

RP: -> 2012-01-02 14:33 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP2

RP: -> 2012-01-01 22:36 - 032768 _restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP1


========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 1006.86 MB
Available physical RAM: 812.93 MB
Total Pagefile: 894.38 MB
Available Pagefile: 833.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (SQ003594) (Fixed) (Total:55.88 GB) (Free:41.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (UDISK 2.0) (Removable) (Total:0.48 GB) (Free:0.2 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 56 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 56 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ003594 NTFS Partition 56 GB Healthy
  • 0

#118
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First off we will use FRST to see if we can get a usable recovery point

Download the attached fixlist.txt file and save to the same USB where FRST is saved

Then from the Reatogo desktop run FRST
When FRST is running press the Fix button
Wait until it has completed
Then retry normal windows mode
  • 0

#119
jaydog11

    Member

  • Topic Starter
  • Member
  • 174 posts
This allowed me to start in normal mode! Thanks!
I don't get the limited connectivity errors anymore, and under network connections it says connected, but I still can't get on the internet.

What should we do next?
  • 0

#120
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Breathe a big sigh of relief :lol: and then run a fresh OTL scan so that I can take a look see

I will give the full instructions for OTL but you will only get one log this time. Also, how is it behaving now we are in normal mode?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0





