[smokefill]

This has been going on for over 4 days now. Everything I have tried isn't working. I got a hold of one of those fake virus scans when a family member was using my laptop fell for the con. I asked them if they clicked on anything and they said yes. Ugh...
Tried various spyware/malware programs to no avail.
Stopzilla, superantispyware, malwarebytes, All have been uninstalled with the exception of pc tools spyware doctor which I paid for and does nothing.
When I log into Foxfire, I can click on a few bookmarks that are unaffected. When I click on a google or yahoo link the browser instantly crashes. (I am using Google Chrome to post this). If it doesn't crash, it instantly starts to redirect using multiple urls including cloudcellurl.com, IP addresses that go by too quickly to catch.
I have gone through the process reccomended in the google redirct tutorial using all the apps to no avail.
This is a nasty maddening situation for me.
Please help if you can. I will wait a few days for a reply.


OTL logfile created on: 3/6/2011 12:20:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joan\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 207.12 Gb Free Space | 71.74% Space Free | Partition Type: NTFS
Drive D: | 262.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/06 12:00:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Downloads\OTL.exe
PRC - [2011/03/05 12:04:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Joan\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/20 09:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 09:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/17 10:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/11 16:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 16:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 17:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 17:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 17:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/29 23:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/29 23:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 14:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 15:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/11/27 17:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (SafeList) ==========

MOD - [2011/03/06 12:00:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Downloads\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/13 02:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/09 14:56:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 16:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 17:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/29 23:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (SASKUTIL)
DRV - File not found [Kernel | Unknown | Running] -- -- (SASDIFSV)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/08/13 08:18:22 | 000,372,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 12:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 15:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/19 19:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 00:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/05/16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/04/03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\Firefox\ [2011/03/05 11:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 08:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 08:01:43 | 000,000,000 | ---D | M]

[2010/01/16 09:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Extensions
[2011/03/05 11:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\w6pd2mvy.default\extensions
[2011/03/04 18:06:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\w6pd2mvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/29 16:46:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\w6pd2mvy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/16 16:30:08 | 000,002,425 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\w6pd2mvy.default\searchplugins\askcom.xml
[2010/05/22 17:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/05 11:18:18 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\SPYWARE DOCTOR\BDT\FIREFOX

O1 HOSTS File: ([2011/03/06 11:40:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 11:47:57 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\GooredFix Backups
[2011/03/06 11:40:18 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/05 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Malwarebytes
[2011/03/05 17:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/05 14:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/05 14:28:58 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\windows\System32\SAVRKBootTasks.sys
[2011/03/05 13:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/03/05 13:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/03/05 12:08:01 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/05 11:44:49 | 000,069,392 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfSysMon.sys
[2011/03/05 11:44:49 | 000,051,984 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfFsMon.sys
[2011/03/05 11:44:49 | 000,033,552 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfNetMon.sys
[2011/03/05 11:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/03/05 11:01:37 | 000,656,320 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctEFA.sys
[2011/03/05 11:01:37 | 000,338,880 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctDS.sys
[2011/03/04 20:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/03/03 18:21:29 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll0316.old
[2011/03/03 18:21:29 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
[2011/03/03 18:21:27 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll0316.old
[2011/03/03 18:21:27 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
[2011/03/03 18:21:27 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
[2011/03/03 18:13:57 | 000,251,560 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
[2011/03/03 18:13:57 | 000,103,232 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
[2011/03/03 18:13:50 | 000,239,168 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2011/03/03 18:13:50 | 000,160,448 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
[2011/03/03 18:13:37 | 000,070,536 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2011/03/03 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/03/02 19:23:13 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2011/03/02 18:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XoftSpySE
[2011/03/02 18:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/03/02 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/03/02 18:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2011/03/02 18:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2011/03/02 18:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2011/03/02 10:45:38 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joan\Desktop\TDSSKiller.exe
[2011/03/01 16:18:50 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Threat Expert
[2011/03/01 13:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/03/01 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\PC Tools
[2011/03/01 13:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/01 13:46:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/01 13:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/28 19:32:08 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Conduit
[2011/02/28 19:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zamaan's Software
[2011/02/28 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Zamaan's Software
[2011/02/27 17:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/27 17:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/02/27 17:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/02/27 16:07:52 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Template
[2011/02/27 15:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2011/02/27 15:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\eEgLlPc08200
[2011/02/14 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\PeerNetworking
[2011/02/13 14:38:35 | 000,000,000 | ---D | C] -- C:\New folder
[2010/04/05 19:38:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe973A.dll
[4 C:\Users\Joan\Documents\*.tmp files -> C:\Users\Joan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/06 12:09:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1889965861-2246598926-1514706409-1001UA.job
[2011/03/06 12:09:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1889965861-2246598926-1514706409-1001Core.job
[2011/03/06 12:01:19 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 12:01:19 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 11:53:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/06 11:53:51 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 11:49:08 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joan\Desktop\TDSSKiller.exe
[2011/03/06 11:40:20 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/03/06 10:22:32 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/03/06 10:22:25 | 000,627,082 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/06 10:22:25 | 000,107,366 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/05 12:08:10 | 000,002,322 | ---- | M] () -- C:\Users\Joan\Desktop\Google Chrome.lnk
[2011/03/05 11:18:01 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/05 11:02:47 | 001,084,840 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/05 10:52:14 | 000,512,992 | ---- | M] () -- C:\Users\Joan\Desktop\sdsetup.exe
[2011/03/04 17:50:56 | 000,006,355 | ---- | M] () -- C:\billing_368883175_4d7196e04bc51.pdf
[2011/03/02 19:13:23 | 000,009,562 | -HS- | M] () -- C:\Users\Joan\AppData\Local\669060650
[2011/03/02 19:13:23 | 000,009,562 | -HS- | M] () -- C:\ProgramData\669060650
[2011/02/27 16:07:50 | 000,000,000 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\wklnhst.dat
[2011/02/27 15:08:57 | 000,000,167 | ---- | M] () -- C:\Users\Joan\Desktop\Buy Word Password Recovery Now!.url
[2011/02/14 19:11:38 | 000,008,416 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\UserTile.png
[2011/02/12 08:15:08 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/11 08:15:01 | 000,001,118 | ---- | M] () -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/10 20:18:11 | 000,386,952 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/06 14:43:44 | 000,063,921 | ---- | M] () -- C:\7-31-01.prn
[4 C:\Users\Joan\Documents\*.tmp files -> C:\Users\Joan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 12:08:10 | 000,002,322 | ---- | C] () -- C:\Users\Joan\Desktop\Google Chrome.lnk
[2011/03/05 12:04:37 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1889965861-2246598926-1514706409-1001UA.job
[2011/03/05 12:04:29 | 000,000,852 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1889965861-2246598926-1514706409-1001Core.job
[2011/03/05 11:18:01 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/05 10:53:18 | 000,512,992 | ---- | C] () -- C:\Users\Joan\Desktop\sdsetup.exe
[2011/03/04 17:50:56 | 000,006,355 | ---- | C] () -- C:\billing_368883175_4d7196e04bc51.pdf
[2011/03/03 18:21:30 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll0316.old
[2011/03/03 18:21:30 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
[2011/03/03 18:21:29 | 000,002,125 | ---- | C] () -- C:\windows\UDB.zip
[2011/03/03 18:21:29 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
[2011/03/03 18:21:29 | 000,000,879 | ---- | C] () -- C:\windows\RegISSImport.xml
[2011/03/03 18:21:29 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
[2011/03/03 18:13:57 | 000,007,387 | ---- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
[2011/03/03 18:13:37 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctplsg.cat
[2011/03/02 19:22:03 | 001,084,840 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/02 18:39:52 | 000,009,562 | -HS- | C] () -- C:\Users\Joan\AppData\Local\669060650
[2011/03/02 18:39:52 | 000,009,562 | -HS- | C] () -- C:\ProgramData\669060650
[2011/02/27 16:07:50 | 000,000,000 | ---- | C] () -- C:\Users\Joan\AppData\Roaming\wklnhst.dat
[2011/02/27 15:08:57 | 000,000,167 | ---- | C] () -- C:\Users\Joan\Desktop\Buy Word Password Recovery Now!.url
[2011/02/14 19:11:38 | 000,008,416 | ---- | C] () -- C:\Users\Joan\AppData\Roaming\UserTile.png
[2011/02/12 08:14:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/02/12 08:14:25 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/06 14:43:42 | 000,063,921 | ---- | C] () -- C:\7-31-01.prn
[2010/07/05 18:31:03 | 000,000,117 | ---- | C] () -- C:\ProgramData\xlink.sys
[2010/07/05 18:11:04 | 000,000,000 | ---- | C] () -- C:\windows\System32\ntUsrrP_1_0.dll
[2010/05/02 13:06:25 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2010/04/10 17:25:24 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/01/09 17:24:34 | 000,000,036 | -H-- | C] () -- C:\windows\System32\f9t.dat
[2009/12/28 18:09:53 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/12/27 15:40:31 | 000,044,544 | ---- | C] () -- C:\windows\System32\GIF89.DLL
[2009/12/27 15:40:28 | 000,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2009/12/27 12:17:53 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/12/14 23:47:30 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/12/14 23:10:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/12/14 23:09:36 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/12/14 23:09:36 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/12/14 23:01:11 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/01 21:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:33:53 | 000,386,952 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,627,082 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,366 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/27 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\AnvSoft
[2010/02/28 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\CasinoOnNet
[2010/04/28 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\CocoonSoftware
[2010/05/29 11:52:57 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Facebook
[2010/12/28 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\FileZilla
[2011/03/02 19:21:53 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\FreeVideoConverter
[2011/02/08 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\FrostWire
[2010/11/26 10:58:40 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\MotionDSP
[2011/02/14 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\PeerNetworking
[2010/01/09 17:27:16 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Stamps.com Internet Postage
[2011/02/27 16:07:52 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Template
[2009/12/27 12:59:23 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\TOSHIBA
[2009/12/27 12:17:31 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\WinBatch
[2011/03/06 09:13:20 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

[Advertisements]

Copy the text in the code box by highlighting and Ctrl + c

:Services
SASKUTIL
SASDIFSV

:OTL
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2011/03/02 19:13:23 | 000,009,562 | -HS- | M] () -- C:\Users\Joan\AppData\Local\669060650
[2011/03/02 19:13:23 | 000,009,562 | -HS- | M] () -- C:\ProgramData\669060650
     
:Commands
[purity]
[emptytemp]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

[RKinner]

Copy the text in the code box by highlighting and Ctrl + c

:Services
SASKUTIL
SASDIFSV

:OTL
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2011/03/02 19:13:23 | 000,009,562 | -HS- | M] () -- C:\Users\Joan\AppData\Local\669060650
[2011/03/02 19:13:23 | 000,009,562 | -HS- | M] () -- C:\ProgramData\669060650
     
:Commands
[purity]
[emptytemp]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

[smokefill]

I'm sorry for not posting sooner - haven't had any luck with getting past posting the text in OTL and it hangs. No reboot, just freezes.
I am afraid to move on because this step seems critical.

[RKinner]

Try attaching the logs that won't post. Sometimes if a log is too big the forum software will hang instead of telling you it is too big.

[smokefill]

It freezes before it can post a log(s). Working a busy trade show today/weekend, will try and mess with it Monday

[RKinner]

Try running in Safe Mode.

Reboot. When you see the PC Maker's logo, hear the beep or it mentions F8, start slowly tapping F8. Keep tapping until you see the menu then select Safe Mode with Networking. Log in as usual. See if it still freezes.

Ron