Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Recovery residue.


  • This topic is locked This topic is locked
52 replies to this topic

#1 dabarabe

dabarabe

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 10 June 2011 - 09:28 AM

Hi,

I have some residual issues after removing the Windows-XP-Recovery trojan horse from my computer last week. I used the methods on this website to remove that issue and for the most part they seem to have worked as all of the issues that came with that virus are gone with one exception. One of the things that malware does is hide all of your programs and files so you can't access them from the start menu. I ran the "unhide" program as recommended, and it unhid the folders, but not the subfolders. That is, I have a folder for Microsoft Office under "all programs", but when I go to that folder it says "empty." This appears to be the case with all the folders. The programs are definitely still there as I can open XL files and work with them. I have run "unhide" a second time, and it didn't seem to change anything.

Another issue that popped up immediately after removing the Windows-XP-recovery malware is more serious. I get a pop-up window called "Auto-protect results," that says "Auto-protect has acted on the following risks.:"
In the window, the risk is listed as "Bloodhound.MalPE" and it is "quarantined." Unfortunately, I get one of these approximately every 15 seconds so the computer is cranking away and the fan is running constantly. Here is an example:

Risk: Bloodhound.MalPE,
Action: quarantined,
Filename: APQ87E6.tmp
Risk Type: Heuristics
Original Location:C:\Documents and settings\all users\application data\symantec\symantec antivirus corporate edition\7.5 APTemp
user: system
status: infected
current location" quarantined
etc.

This begins as soon as I log on and doesn't stop until I shut down.

Also, I tried to run the gmer log, but it scanned for hours and never finished. eventually, the screen went dark and I had to hard shut-down.

Thank you in advance for your help.


.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jim Barabe at 11:22:51 on 2011-06-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.268 [GMT -4:00]
.
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jim Barabe\Desktop\unhide.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jim Barabe\My Documents\Downloads\Defogger.exe
c:\program files\real\realplayer\RealPlay.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: BrowseFlow: {1f229476-80dd-450a-8fca-fb14bc0901b1} - c:\program files\browseflow\history window\BrowseHistoryBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HeypPtdMGKlWj] c:\documents and settings\all users\application data\HeypPtdMGKlWj.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [TOSDCR] TOSDCR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jimbar~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jim barabe\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\jimbar~1\startm~1\programs\startup\hc_tray.lnk - c:\program files\dogfight games\hcsystray\hc_tray.exe
StartupFolder: c:\docume~1\jimbar~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173620649109
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13373ED1-D62E-47EA-8CAC-10C1DF3F63CF} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=9E004637-6FF4-4B34-AC32-ED71E4C0C8FD&apn_ptnrs=OE&apn_sauid=6F34B896-F965-4628-9B57-91A41C344C67&apn_dtid=VIN003YYUS&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jim barabe\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\jim barabe\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-6-13 15424]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-12 5888]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-6-13 552064]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-12 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-3 105592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110603.002\naveng.sys [2011-6-3 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110603.002\navex15.sys [2011-6-3 1542392]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-5-31 641152]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
S2 Ca50xav;Icatch(V) Video Camera Device;c:\windows\system32\drivers\ca50xav.sys [2009-1-12 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 133104]
S2 gupdate1ca7cd4256070ce;Google Update Service (gupdate1ca7cd4256070ce);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
.
=============== Created Last 30 ================
.
2011-06-03 16:02:28 -------- d-sh--w- C:\found.000
2011-06-02 14:59:57 -------- d-----w- c:\program files\iPod
2011-06-02 14:36:32 -------- d-----w- c:\program files\Bonjour
2011-06-02 13:54:14 -------- d-----w- c:\windows\system32\Adobe
2011-06-01 22:35:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-01 22:35:10 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-01 22:27:52 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-06-01 22:27:52 715736 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2011-06-01 22:27:52 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-01 22:27:52 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-01 22:27:51 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-06-01 22:27:51 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-01 22:27:51 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-01 22:27:51 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2011-06-01 22:27:51 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-01 22:27:51 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-06-01 22:27:51 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-01 22:27:51 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-06-01 22:07:28 -------- d-----w- c:\documents and settings\jim barabe\local settings\application data\Secunia PSI
2011-06-01 22:07:09 -------- d-----w- c:\program files\Secunia
2011-05-31 13:17:30 -------- d-----w- c:\documents and settings\jim barabe\application data\Malwarebytes
2011-05-31 13:16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 13:16:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-31 13:16:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 13:16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:50:01 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-05-28 12:49:36 -------- d-----w- c:\program files\common files\xing shared
2011-05-28 12:49:21 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-05-28 12:49:12 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-05-17 21:16:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-01-15 13:29:15 7518240 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2007-04-11 14:14:17 6006832 ----a-w- c:\program files\Firefox Setup 2.0.0.3.exe
2006-11-11 14:31:17 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
2004-08-18 14:35:46 4806997 ----a-w- c:\program files\shockwave_installer.exe
.
============= FINISH: 11:24:00.62 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 10 June 2011 - 02:26 PM

Good evening. :)

The first thing you need to do is to pick one anti-virus program and uninstall it. According to the DDS log you have both ESET NOD32 antivirus system 2.70 and Symantec AntiVirus Corporate Edition running in real time and this is a no-no. Two or more AVs running this way can cause conflictions giving less, not more, protection.

Once you've removed whichever one is your least favourite and rebooted the system, please post a fresh DDS log, you can ignore Attach.txt, and we'll take it from their.

So long, and thanks for all the fish.

 

 


#3 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 11 June 2011 - 09:18 AM

Novicitae,

Thanks for your help.

I tried to uninstall Symantec, but I am not sure that it worked. The computer sort of froze in mid uninstall, but it no longer appears in the list of programs to add/remove under control panel, and as I said, I can't access anything in a subfolder from the start menu. I will say that Symantec live-update is still in the control panel file. In fact, there are about 30 files (apps and extensions mostly) in the live-update folder. Nary a trace of the actual anti-virus program as far as I can tell.

new DDS below.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jim Barabe at 10:03:53 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.274 [GMT -4:00]
.
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: BrowseFlow: {1f229476-80dd-450a-8fca-fb14bc0901b1} - c:\program files\browseflow\history window\BrowseHistoryBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HeypPtdMGKlWj] c:\documents and settings\all users\application data\HeypPtdMGKlWj.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [TOSDCR] TOSDCR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jimbar~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jim barabe\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\jimbar~1\startm~1\programs\startup\hc_tray.lnk - c:\program files\dogfight games\hcsystray\hc_tray.exe
StartupFolder: c:\docume~1\jimbar~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173620649109
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13373ED1-D62E-47EA-8CAC-10C1DF3F63CF} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=9E004637-6FF4-4B34-AC32-ED71E4C0C8FD&apn_ptnrs=OE&apn_sauid=6F34B896-F965-4628-9B57-91A41C344C67&apn_dtid=VIN003YYUS&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\jim barabe\application data\mozilla\firefox\profiles\82zldlfi.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jim barabe\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\jim barabe\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-6-13 15424]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-12 5888]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-6-13 552064]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-12 126976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-5-31 641152]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
S2 Ca50xav;Icatch(V) Video Camera Device;c:\windows\system32\drivers\ca50xav.sys [2009-1-12 515803]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 133104]
S2 gupdate1ca7cd4256070ce;Google Update Service (gupdate1ca7cd4256070ce);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 133104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-3 105592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-14 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110610.002\naveng.sys [2011-6-11 86008]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110610.002\navex15.sys [2011-6-11 1542392]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
.
=============== Created Last 30 ================
.
2011-06-03 16:02:28 -------- d-sh--w- C:\found.000
2011-06-02 14:59:57 -------- d-----w- c:\program files\iPod
2011-06-02 14:36:32 -------- d-----w- c:\program files\Bonjour
2011-06-02 13:54:14 -------- d-----w- c:\windows\system32\Adobe
2011-06-01 22:35:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-01 22:35:10 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-01 22:27:52 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-06-01 22:27:52 715736 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2011-06-01 22:27:52 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-01 22:27:52 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-01 22:27:51 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-06-01 22:27:51 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-01 22:27:51 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-01 22:27:51 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2011-06-01 22:27:51 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-01 22:27:51 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-06-01 22:27:51 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-01 22:27:51 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-06-01 22:07:28 -------- d-----w- c:\documents and settings\jim barabe\local settings\application data\Secunia PSI
2011-06-01 22:07:09 -------- d-----w- c:\program files\Secunia
2011-05-31 13:17:30 -------- d-----w- c:\documents and settings\jim barabe\application data\Malwarebytes
2011-05-31 13:16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 13:16:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-31 13:16:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-31 13:16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:50:01 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-05-28 12:49:36 -------- d-----w- c:\program files\common files\xing shared
2011-05-28 12:49:21 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-05-28 12:49:12 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-05-17 21:16:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-01-15 13:29:15 7518240 ----a-w- c:\program files\Firefox Setup 3.0.5.exe
2007-04-11 14:14:17 6006832 ----a-w- c:\program files\Firefox Setup 2.0.0.3.exe
2006-11-11 14:31:17 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
2004-08-18 14:35:46 4806997 ----a-w- c:\program files\shockwave_installer.exe
.
============= FINISH: 10:06:08.06 ===============

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 12 June 2011 - 02:05 PM

Good evening. :)

Some anti-virus programs can be notoriously difficult to get rid off, sadly!

Download AppRemover by OPSWAT from here and save it to your Desktop.

Follow the instructions here and let the tool take the strain - 2. How to Use AppRemover to Clean Up a Failed Uninstall.

Let me know how you get on.

So long, and thanks for all the fish.

 

 


#5 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 13 June 2011 - 10:18 AM

Not so good.

AppRemover only lists one application; ESET NOD 32 (at 90%). This is the software I had intended to continue to use. There is no mention or trace of Symantec. Now I have several concerns.
I am concerned that if I delete NOD 32, I will be left with nothing.
I am concerned that NOD 32 is not fully installed/operational (hence the 90%)
I am concerned that there is still some portion of the Symantec thing running that I can't find. Again, there are a lot of associated files still in hte folder.

The good news is that I am no longer getting those Bloodhound.MalPE mesages.

Any idea where I stand with this stuff? Do I have any antivirus software running?

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 13 June 2011 - 01:30 PM

Good evening. :)

If you are uncertain as to whether NOD32 is fully functional or not, I suggest you download the installing file for it, uninstall your existing program, reboot and then reinstall - that should reassure you that all is well.

Norton doesn't always remove itself properly, so if AppRemover doesn't sort it we'll just have to do it manually.

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#7 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 14 June 2011 - 11:32 AM

Ok,

Here's the OTL

OTL logfile created on: 6/14/2011 12:26:40 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Jim Barabe\My Documents\Downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 283.49 Mb Available Physical Memory | 27.93% Memory free
2.39 Gb Paging File | 1.46 Gb Available in Paging File | 61.19% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.54 Gb Total Space | 24.44 Gb Free Space | 28.91% Space Free | Partition Type: NTFS

Computer Name: PUPPY | User Name: Jim Barabe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 12:21:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Barabe\My Documents\Downloads\OTL.scr
PRC - [2011/05/28 08:49:06 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/02/03 09:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/05/17 15:02:04 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/11 20:23:22 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2006/05/05 20:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/04/28 00:00:48 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006/04/26 17:39:42 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/04/24 22:54:14 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2006/04/24 22:54:12 | 000,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/04/24 22:54:04 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/04/12 19:25:22 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2006/04/10 21:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/02/22 20:41:00 | 000,086,016 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2005/12/14 15:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/12/05 15:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/29 19:37:22 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2005/11/28 14:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 14:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/17 18:44:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2005/11/02 19:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/10/11 17:59:58 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2005/10/06 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/10 09:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/21 21:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFXFER.exe
PRC - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2005/06/28 23:43:00 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2005/05/23 19:21:36 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/05/17 14:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/16 14:56:52 | 000,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
PRC - [2004/10/20 09:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/18 06:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2004/06/30 19:29:34 | 000,049,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe
PRC - [2004/02/24 18:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 12:21:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Barabe\My Documents\Downloads\OTL.scr
MOD - [2011/05/28 08:49:31 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2005/10/11 17:59:56 | 000,131,072 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\PrnTrack.dll
MOD - [2005/10/11 17:59:56 | 000,109,568 | ---- | M] (www.madshi.net) -- C:\WINDOWS\system32\MadCHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/22 22:08:44 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 13:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/05/17 15:02:04 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/05/11 20:23:22 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/12/14 15:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/10/11 17:59:58 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 09:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/06/29 12:29:30 | 000,184,373 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe -- (AOLService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110610.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/10 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110610.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/13 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/05/17 15:02:04 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/05/09 20:27:24 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/05 21:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 20:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 20:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/04/28 14:29:38 | 000,641,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/26 17:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 13:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/10 16:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/12/28 02:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/13 15:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/21 12:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ca50xav.sys -- (Ca50xav) Icatch(V)
DRV - [2002/09/13 01:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)
DRV - [2002/07/25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera) Icatch(V)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=9E004637-6FF4-4B34-AC32-ED71E4C0C8FD&apn_ptnrs=OE&apn_sauid=6F34B896-F965-4628-9B57-91A41C344C67&apn_dtid=VIN003YYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/28 08:49:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/02 10:47:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 10:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/06/14 11:31:59 | 000,000,000 | ---D | M]

[2010/05/14 13:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Extensions
[2010/05/14 13:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/06 10:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions
[2010/06/26 09:13:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 17:48:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/06 10:17:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/09 17:29:00 | 000,000,000 | ---D | M] ("LimeWire Toolbar") -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\toolbar@ask.com
[2011/06/14 10:14:02 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\searchplugins\askcom.xml
[2011/06/02 11:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/28 08:49:33 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/14 12:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/01 18:34:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BrowseFlow) - {1F229476-80DD-450A-8FCA-FB14BC0901B1} - C:\Program Files\BrowseFlow\History Window\BrowseHistoryBHO.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [HeypPtdMGKlWj] File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Startup\hc_tray.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173620649109 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TSigNP: DllName - TSigNP.dll - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/12 14:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{08007011-2513-11dc-993a-00038a000015}\Shell\Auto\command - "" = E:\infrom.exe
O33 - MountPoints2\{08007011-2513-11dc-993a-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08007011-2513-11dc-993a-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{f304a2cc-9e78-11de-9a0b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f304a2cc-9e78-11de-9a0b-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f304a2cc-9e78-11de-9a0b-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 11:32:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/14 11:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/06/14 11:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/06/14 11:31:15 | 000,109,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/06/14 11:21:06 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Jim Barabe\My Documents\My Safe
[2011/06/13 10:43:37 | 006,443,128 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Jim Barabe\Desktop\AppRemover.exe
[2011/06/10 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2011/06/10 10:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\The Weather Channel
[2011/06/09 11:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Desktop\gmer
[2011/06/09 11:18:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Administrative Tools
[2011/06/09 11:17:56 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim Barabe\Desktop\dds.scr
[2011/06/03 12:02:28 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/06/03 08:57:32 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Jim Barabe\Desktop\esetsmartinstaller_enu.exe
[2011/06/02 11:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/02 10:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/02 10:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/02 10:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/02 10:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/02 09:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/01 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/01 18:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\Secunia PSI
[2011/06/01 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/01 18:03:40 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\Jim Barabe\Desktop\PSISetup.exe
[2011/05/31 09:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Application Data\Malwarebytes
[2011/05/31 09:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 09:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 09:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/31 09:16:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/31 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 09:13:43 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim Barabe\Desktop\mbam-setup.exe
[2011/05/31 09:09:46 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim Barabe\Desktop\batbleep.com.exe
[2011/05/30 10:31:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim Barabe\Recent
[2011/05/28 12:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Windows XP Recovery
[2011/05/28 08:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/28 08:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2009/01/15 09:26:47 | 007,518,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.5.exe
[2007/04/11 10:07:02 | 006,006,832 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.3.exe
[2006/11/11 10:31:16 | 014,879,120 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/05/12 16:27:11 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2006/05/12 16:27:11 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/14 12:10:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/14 12:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/14 11:45:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/14 11:45:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/14 11:20:49 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/14 11:20:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3095322723-1236337141-2919945432-1005.job
[2011/06/14 11:20:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/14 11:20:44 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/14 11:18:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 11:18:45 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 11:14:27 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3095322723-1236337141-2919945432-1005.job
[2011/06/13 10:44:36 | 006,443,128 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Jim Barabe\Desktop\AppRemover.exe
[2011/06/11 10:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 11:35:44 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\gmer.zip
[2011/06/09 11:18:27 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim Barabe\Desktop\dds.scr
[2011/06/09 11:16:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\defogger_reenable
[2011/06/08 20:03:08 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/03 08:57:52 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Jim Barabe\Desktop\esetsmartinstaller_enu.exe
[2011/06/02 11:02:21 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/02 10:46:32 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/01 19:30:20 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/01 19:20:53 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/01 19:20:51 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\Dropbox.lnk
[2011/06/01 18:28:08 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/01 18:07:22 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/01 18:03:52 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\Jim Barabe\Desktop\PSISetup.exe
[2011/05/31 09:45:26 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\unhide.exe
[2011/05/31 09:16:47 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 09:08:14 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim Barabe\Desktop\batbleep.com.exe
[2011/05/31 08:52:14 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim Barabe\Desktop\mbam-setup.exe
[2011/05/31 08:48:48 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\iExplore.exe
[2011/05/28 13:58:22 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22077220
[2011/05/28 13:51:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22077220r
[2011/05/28 13:51:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22077220
[2011/05/28 12:55:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\Windows XP Recovery.lnk
[2011/05/28 08:49:53 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/28 08:49:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/09 11:35:50 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\gmer.zip
[2011/06/09 11:16:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\defogger_reenable
[2011/06/08 11:28:00 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/06/02 11:02:21 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/02 10:46:32 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/02 10:06:50 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/01 19:28:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/01 19:28:10 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/01 18:28:07 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/01 18:07:22 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/01 18:07:22 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/05/31 10:11:04 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool 2.0.lnk
[2011/05/31 10:11:04 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/31 10:11:04 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA Assist.lnk
[2011/05/31 10:11:04 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/05/31 10:11:04 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:11:04 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/31 10:11:04 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/31 10:11:04 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/31 10:11:04 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/05/31 10:11:04 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA Application Installer.lnk
[2011/05/31 10:11:04 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/31 10:11:03 | 000,301,321 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office 2003 Editions 60 Day Trial.exe
[2011/05/31 10:11:03 | 000,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macromedia Breeze Presenter Sample.lnk
[2011/05/31 10:11:03 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/31 10:11:03 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/31 10:11:03 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy at ToshibaDirect.lnk
[2011/05/31 10:11:03 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/05/31 10:11:03 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/31 09:52:57 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\unhide.exe
[2011/05/31 09:16:47 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 09:00:20 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\iExplore.exe
[2011/05/28 12:56:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22077220r
[2011/05/28 12:56:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22077220
[2011/05/28 12:55:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\Windows XP Recovery.lnk
[2011/05/28 12:55:15 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22077220
[2010/05/28 11:01:06 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/21 21:54:11 | 000,056,756 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/23 09:02:36 | 000,000,104 | ---- | C] () -- C:\Program Files\Internet Explorer (3).lnk
[2009/10/23 09:02:15 | 000,000,745 | ---- | C] () -- C:\Program Files\Absolute Poker (2).lnk
[2009/10/23 09:02:15 | 000,000,104 | ---- | C] () -- C:\Program Files\Internet Explorer (2).lnk
[2009/10/23 09:01:28 | 000,000,745 | ---- | C] () -- C:\Program Files\Absolute Poker
[2009/10/23 09:01:28 | 000,000,104 | ---- | C] () -- C:\Program Files\Internet Explorer
[2009/05/14 14:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/01/12 12:59:16 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw500c.ini
[2009/01/12 12:59:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2009/01/12 12:59:15 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/01/12 12:59:11 | 000,001,891 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2009/01/12 12:59:11 | 000,001,885 | ---- | C] () -- C:\WINDOWS\CA500C.INI
[2009/01/09 11:09:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/10 10:27:29 | 000,038,532 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft Excel.ADR
[2008/08/19 12:37:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2008/08/19 12:37:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSQOLE.DLL
[2008/03/12 18:40:57 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/10 15:05:32 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007/08/09 07:47:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2007/08/02 18:09:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/08/02 17:46:40 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2007/08/02 17:46:40 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2007/08/02 17:46:40 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2007/08/02 17:46:40 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2007/08/02 17:46:40 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjcoms.exe
[2007/08/02 17:46:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2007/08/02 17:46:40 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcjih.exe
[2007/08/02 17:46:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2007/08/02 17:46:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2007/08/02 17:46:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2007/08/02 17:46:39 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2007/08/02 17:46:39 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2007/08/02 17:46:39 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2007/08/02 17:46:39 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.exe
[2007/08/02 17:46:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2007/08/02 17:46:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2007/08/02 17:46:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2007/08/02 17:46:38 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2007/08/02 17:46:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2007/08/02 17:46:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2007/08/02 17:46:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2007/08/02 17:46:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2007/07/11 12:23:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2007/07/11 12:23:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2007/07/05 12:28:37 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/02 14:39:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/02/07 21:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/10/08 09:16:43 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 22:37:38 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/02 23:52:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2006/10/02 23:51:55 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2006/09/18 02:39:41 | 004,806,997 | ---- | C] () -- C:\Program Files\shockwave_installer.exe
[2006/09/16 09:59:51 | 000,000,827 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/09/09 10:27:22 | 000,000,024 | -HS- | C] () -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\TabletPlanner.tb4
[2006/09/08 13:27:32 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\fusioncache.dat
[2006/09/08 13:27:32 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\SL48HED7MYECCV62T5QUKAG385
[2006/09/08 13:27:32 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\PT4CJXFHYGGCXPMX73253MC85G
[2006/05/31 14:06:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/31 14:06:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/17 16:28:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/17 14:05:22 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/15 12:15:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/12 19:21:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/12 18:21:50 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2006/05/12 17:31:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/12 17:31:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/12 17:31:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/12 17:31:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/12 17:31:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/12 17:31:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/12 17:21:11 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/12 16:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/12 16:44:20 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/12 16:44:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/12 16:44:20 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/12 16:44:20 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/12 16:39:16 | 000,001,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2006/05/12 16:27:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2006/05/12 15:03:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/12 15:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/12 14:54:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/12 14:27:24 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/12 14:21:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/12 14:21:28 | 000,414,318 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/12 14:21:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/12 14:21:28 | 000,067,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/12 14:21:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/12 14:21:25 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/12 14:21:23 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/12 14:21:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/12 14:21:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/12 14:21:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/12 14:20:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/12 14:20:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/05/12 07:48:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/12 07:47:58 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/30 17:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/05/12 18:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2006/05/12 18:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2011/06/14 11:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/09/26 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/08/19 12:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/04/07 09:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/03/14 10:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/28 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/15 21:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/05/11 14:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 22:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/26 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Absolute Poker
[2011/06/14 11:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Dropbox
[2007/09/26 21:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\FileOpen
[2009/11/04 09:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\GlarySoft
[2006/05/17 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\InterVideo
[2007/10/24 09:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Nikon
[2006/05/12 17:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Protector Suite
[2008/08/19 12:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\PureEdge
[2009/09/25 15:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\SmartDraw
[2006/05/12 17:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\toshiba
[2007/03/14 10:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Viewpoint
[2006/12/12 10:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\WildTangent
[2011/06/14 11:20:49 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/14 12:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/14 11:20:44 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



< End of report >

#8 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 14 June 2011 - 11:33 AM

Here's the extras.txt


OTL Extras logfile created on: 6/14/2011 12:26:40 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Jim Barabe\My Documents\Downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 283.49 Mb Available Physical Memory | 27.93% Memory free
2.39 Gb Paging File | 1.46 Gb Available in Paging File | 61.19% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.54 Gb Total Space | 24.44 Gb Free Space | 28.91% Space Free | Partition Type: NTFS

Computer Name: PUPPY | User Name: Jim Barabe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"" =

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pharos\bin\PSNotify.exe" = C:\Program Files\Pharos\bin\PSNotify.exe:*:Enabled:Pharos Notify Client -- (Pharos Systems International)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Toshiba\ConfigFree\CFXFER.exe" = C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Absolute Poker\mainclient.exe" = C:\Program Files\Absolute Poker\mainclient.exe:*:Disabled:Absolute Poker -- (ABSOLUTE POKER)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL -- ()
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\1147476082\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1147476082\EE\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\Program Files\Pharos\bin\PSNotify.exe" = C:\Program Files\Pharos\bin\PSNotify.exe:*:Disabled:Pharos Notify Client -- (Pharos Systems International)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Disabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Disabled:Rosetta Stone V3 Application -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00A87405-997C-4B75-9129-0338B08DE177}" = TOSHIBA SD Memory Card Format
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{0759CACC-6CF9-4C3C-92C5-39668679AB16}" = Microsoft Ink Desktop
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EED99B2-B895-4930-B1FE-F315C4DDF6DA}" = History Window
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12DA7874-E1A2-4606-ADFC-EBB6C8B1ADBF}" = Darden Media Product Security
"{1759CACC-6CF9-4C3C-92C5-39668679AB17}" = Microsoft Ink Crossword
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C37DA50-F353-4810-9224-ECC1A84D05FB}" = Macromedia Breeze Presenter 5
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}" = Ink Art
"{20348F6A-38D0-45F6-A103-C6FB2CD5695B}" = FranklinCovey TabletPlanner
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.05.01
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE593E0-D44C-4E73-9A02-E59B970265CD}" = TOSHIBA Backup Utility V2.0.1
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}" = Microsoft Education Pack for Windows XP Tablet PC Edition
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA}" = Agilix GoBinder Lite
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8853C080-7F5C-4020-B663-C57FE29BB858}" = Microsoft Snipping Tool 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC971CEE-1480-479D-81AF-1CB4D10467B0}" = TOSHIBA Tablet Access Code Logon Utility
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7F4B477-8EA3-4028-B458-2AE5E4A9D853}" = TOSHIBA Rotation Utility
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DEF11860-2158-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{E0000600-0600-0600-0600-000000000600}" = ICS Viewer 6.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}" = Microsoft Media Transfer
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FA7314E7-9428-4866-80A8-762A538444DB}" = Microsoft Energy Blue Theme Pack
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"Dell_ENA" = 3300 Software Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"Glary Utilities_is1" = Glary Utilities Pro 2.16.0.758
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hard Disk Recovery Utilities" = Hard Disk Recovery Utilities
"Icatch V" = Icatch(V) Camera Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{3DE593E0-D44C-4E73-9A02-E59B970265CD}" = TOSHIBA Backup Utility V2.0.1
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PALISADEBK11" = Palisade Numerical Tools - Book Version
"Paradise Poker" = Paradise Poker
"Pharos" = Pharos
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PokerStars.net" = PokerStars.net
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SOLVERTABLE" = SolverTable for Excel
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.82.00.XP
"TOSHIBA Accelerometer Utilities" = TOSHIBA Accelerometer Utilities
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004725" = SCRABBLE
"WT004829" = Polar Golfer
"WT012815" = Alien Sky
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Music Engine" = Yahoo! Music Engine
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"Dropbox" = Dropbox
"SmartDraw 2010" = SmartDraw 2010
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2011 8:54:26 AM | Computer Name = PUPPY | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQF.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/10/2011 8:54:26 AM | Computer Name = PUPPY | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ10.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/10/2011 8:54:26 AM | Computer Name = PUPPY | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ11.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/10/2011 8:54:26 AM | Computer Name = PUPPY | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ12.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 6/11/2011 9:11:50 AM | Computer Name = PUPPY | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2011 9:35:27 AM | Computer Name = PUPPY | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb958483,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 6/11/2011 9:44:26 AM | Computer Name = PUPPY | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.MalPE in File: by: Auto-Protect scan.
Action: Quarantine succeeded : Access denied. Action Description: The file was
quarantined successfully.

Error - 6/13/2011 10:13:37 AM | Computer Name = PUPPY | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb958483,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 6/14/2011 9:38:52 AM | Computer Name = PUPPY | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb958483,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 6/14/2011 11:31:10 AM | Computer Name = PUPPY | Source = MsiInstaller | ID = 11704
Description = Product: ESET NOD32 Antivirus -- Error 1704. An installation for Symantec
AntiVirus is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

[ System Events ]
Error - 6/13/2011 10:18:27 AM | Computer Name = PUPPY | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 6/14/2011 9:37:54 AM | Computer Name = PUPPY | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 6/14/2011 9:39:01 AM | Computer Name = PUPPY | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 6/14/2011 11:18:58 AM | Computer Name = PUPPY | Source = SAVRT | ID = 458758
Description = Incompatible version of SYMEVENT.SYS is loaded.

Error - 6/14/2011 11:19:18 AM | Computer Name = PUPPY | Source = Service Control Manager | ID = 7000
Description = The Icatch(V) Video Camera Device service failed to start due to the
following error: %%1058

Error - 6/14/2011 11:19:24 AM | Computer Name = PUPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT SYMTDI

Error - 6/14/2011 11:19:43 AM | Computer Name = PUPPY | Source = SAVRT | ID = 458758
Description = Incompatible version of SYMEVENT.SYS is loaded.

Error - 6/14/2011 11:19:44 AM | Computer Name = PUPPY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31

Error - 6/14/2011 11:19:48 AM | Computer Name = PUPPY | Source = SAVRT | ID = 458758
Description = Incompatible version of SYMEVENT.SYS is loaded.

Error - 6/14/2011 11:19:48 AM | Computer Name = PUPPY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31


< End of report >

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 14 June 2011 - 01:52 PM

Good evening. :)

Let's see what we can do to get rid of Symantec then. Run OTL.exe.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/08/25 13:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
    SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


    DRV - [2011/06/10 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110610.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/06/10 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110610.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/13 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKCU..\Run: [HeypPtdMGKlWj] File not found

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

    O33 - MountPoints2\{08007011-2513-11dc-993a-00038a000015}\Shell\Auto\command - "" = E:\infrom.exe

    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed.
Please let me have a copy of the log that appears once OTL has completed it's run.

So long, and thanks for all the fish.

 

 


#10 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 15 June 2011 - 07:49 AM

Good morning oh Glorious Anonymous Benefactor. I ran the scan as you suggested. The log file that was generated upon reboot was too large to post, so I have attached it.

Hope that is ok.

J

#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 15 June 2011 - 02:18 PM

Good evening. :)

I can't see the log - are you sure you attached it successfully? You may to zip the log up.

So long, and thanks for all the fish.

 

 


#12 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 15 June 2011 - 03:01 PM

OK,

Let's try this, Novicitae.

J

Attached Files

  • Attached File  OTL.zip   20.21KB   1 downloads


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 15 June 2011 - 04:25 PM

Will you run OTL again and let it scan as you did originally - you should only get OTL.Txt this time. I'd like you to post the contents in the next reply.

So long, and thanks for all the fish.

 

 


#14 dabarabe

dabarabe
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 16 June 2011 - 05:17 AM

Novicitae,

Here it is:

OTL logfile created on: 6/15/2011 6:33:56 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Jim Barabe\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 208.31 Mb Available Physical Memory | 20.52% Memory free
2.39 Gb Paging File | 1.45 Gb Available in Paging File | 60.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 84.54 Gb Total Space | 27.05 Gb Free Space | 32.00% Space Free | Partition Type: NTFS

Computer Name: PUPPY | User Name: Jim Barabe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 12:21:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Barabe\desktop\OTL.scr
PRC - [2011/05/28 08:49:06 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/02/03 09:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/05/17 15:02:04 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/11 20:23:22 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2006/05/05 20:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/04/28 00:00:48 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006/04/26 17:39:42 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/04/24 22:54:14 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2006/04/24 22:54:12 | 000,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/04/24 22:54:04 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/04/12 19:25:22 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2006/04/10 21:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/02/22 20:41:00 | 000,086,016 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2005/12/14 15:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/12/05 15:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/29 19:37:22 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2005/11/28 14:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 14:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/17 18:44:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2005/11/02 19:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/10/11 17:59:58 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2005/10/06 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/10 09:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/21 21:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFXFER.exe
PRC - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2005/06/28 23:43:00 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2005/05/23 19:21:36 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/05/17 14:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/16 14:56:52 | 000,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
PRC - [2004/10/20 09:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/18 06:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2004/06/30 19:29:34 | 000,049,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe
PRC - [2004/02/24 18:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 12:21:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Barabe\desktop\OTL.scr
MOD - [2011/05/28 08:49:31 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2005/10/11 17:59:56 | 000,131,072 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\PrnTrack.dll
MOD - [2005/10/11 17:59:56 | 000,109,568 | ---- | M] (www.madshi.net) -- C:\WINDOWS\system32\MadCHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/22 22:08:44 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/05/17 15:02:04 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/05/11 20:23:22 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/12/14 15:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/10/11 17:59:58 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 09:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/06/29 12:29:30 | 000,184,373 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe -- (AOLService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/03 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110603.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/03 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110603.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/13 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/05/17 15:02:04 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/05/09 20:27:24 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/05 21:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 20:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 20:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/04/28 14:29:38 | 000,641,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/26 17:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 13:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/10 16:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/12/28 02:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/13 15:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/21 12:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ca50xav.sys -- (Ca50xav) Icatch(V)
DRV - [2002/09/13 01:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)
DRV - [2002/07/25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera) Icatch(V)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=9E004637-6FF4-4B34-AC32-ED71E4C0C8FD&apn_ptnrs=OE&apn_sauid=6F34B896-F965-4628-9B57-91A41C344C67&apn_dtid=VIN003YYUS&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/28 08:49:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/02 10:47:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 10:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/06/14 11:31:59 | 000,000,000 | ---D | M]

[2010/05/14 13:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Extensions
[2010/05/14 13:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/06 10:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions
[2010/06/26 09:13:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 17:48:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/06 10:17:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/09 17:29:00 | 000,000,000 | ---D | M] ("LimeWire Toolbar") -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\extensions\toolbar@ask.com
[2011/06/14 10:14:02 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Application Data\Mozilla\Firefox\Profiles\82zldlfi.default\searchplugins\askcom.xml
[2011/06/02 11:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/28 08:49:33 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/14 12:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/01 18:34:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BrowseFlow) - {1F229476-80DD-450A-8FCA-FB14BC0901B1} - C:\Program Files\BrowseFlow\History Window\BrowseHistoryBHO.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [HeypPtdMGKlWj] File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jim Barabe\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Startup\hc_tray.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173620649109 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TSigNP: DllName - TSigNP.dll - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/12 14:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f304a2cc-9e78-11de-9a0b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f304a2cc-9e78-11de-9a0b-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f304a2cc-9e78-11de-9a0b-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 15:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
[2011/06/15 08:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/14 20:04:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/14 13:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/14 12:21:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim Barabe\Desktop\OTL.scr
[2011/06/14 11:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/06/14 11:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/06/14 11:31:15 | 000,109,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/06/14 11:21:06 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Jim Barabe\My Documents\My Safe
[2011/06/13 10:43:37 | 006,443,128 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Jim Barabe\Desktop\AppRemover.exe
[2011/06/10 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2011/06/10 10:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\The Weather Channel
[2011/06/09 11:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Desktop\gmer
[2011/06/09 11:18:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Administrative Tools
[2011/06/09 11:17:56 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim Barabe\Desktop\dds.scr
[2011/06/03 12:02:28 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/06/03 08:57:32 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Jim Barabe\Desktop\esetsmartinstaller_enu.exe
[2011/06/02 10:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/02 10:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/02 10:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/02 09:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/01 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/01 18:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\Secunia PSI
[2011/06/01 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/01 18:03:40 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\Jim Barabe\Desktop\PSISetup.exe
[2011/05/31 09:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Application Data\Malwarebytes
[2011/05/31 09:16:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 09:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 09:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/31 09:16:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/31 09:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 09:13:43 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim Barabe\Desktop\mbam-setup.exe
[2011/05/31 09:09:46 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim Barabe\Desktop\batbleep.com.exe
[2011/05/30 10:31:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim Barabe\Recent
[2011/05/28 12:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Windows XP Recovery
[2011/05/28 08:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/28 08:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2009/01/15 09:26:47 | 007,518,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.5.exe
[2007/04/11 10:07:02 | 006,006,832 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.3.exe
[2006/11/11 10:31:16 | 014,879,120 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/05/12 16:27:11 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2006/05/12 16:27:11 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe

========== Files - Modified Within 30 Days ==========

[2011/06/15 16:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/15 16:00:45 | 000,020,694 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\OTL.zip
[2011/06/15 15:50:44 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/15 09:45:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 08:35:30 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/15 08:35:29 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3095322723-1236337141-2919945432-1005.job
[2011/06/15 08:35:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 08:35:23 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/15 08:35:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 08:31:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 08:31:23 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 20:05:08 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3095322723-1236337141-2919945432-1005.job
[2011/06/14 13:49:21 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/14 13:41:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/14 12:21:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Barabe\Desktop\OTL.scr
[2011/06/13 10:44:36 | 006,443,128 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Jim Barabe\Desktop\AppRemover.exe
[2011/06/09 11:35:44 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\gmer.zip
[2011/06/09 11:18:27 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim Barabe\Desktop\dds.scr
[2011/06/09 11:16:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\defogger_reenable
[2011/06/08 20:03:08 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/03 08:57:52 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Jim Barabe\Desktop\esetsmartinstaller_enu.exe
[2011/06/02 10:46:32 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/01 19:30:20 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/01 19:20:53 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/01 19:20:51 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\Dropbox.lnk
[2011/06/01 18:28:08 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/01 18:07:22 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/01 18:03:52 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\Jim Barabe\Desktop\PSISetup.exe
[2011/05/31 09:45:26 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\unhide.exe
[2011/05/31 09:16:47 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 09:08:14 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim Barabe\Desktop\batbleep.com.exe
[2011/05/31 08:52:14 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim Barabe\Desktop\mbam-setup.exe
[2011/05/31 08:48:48 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\iExplore.exe
[2011/05/28 13:58:22 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22077220
[2011/05/28 13:51:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22077220r
[2011/05/28 13:51:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~22077220
[2011/05/28 12:55:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Jim Barabe\Desktop\Windows XP Recovery.lnk
[2011/05/28 08:49:53 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/28 08:49:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/06/15 15:59:51 | 000,020,694 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\OTL.zip
[2011/06/14 13:49:21 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/14 13:41:28 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 11:35:50 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\gmer.zip
[2011/06/09 11:16:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\defogger_reenable
[2011/06/08 11:28:00 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/06/02 10:46:32 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/02 10:06:50 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/01 19:28:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/01 19:28:10 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/01 18:28:07 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/01 18:07:22 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/01 18:07:22 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/05/31 10:11:04 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool 2.0.lnk
[2011/05/31 10:11:04 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/31 10:11:04 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA Assist.lnk
[2011/05/31 10:11:04 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/05/31 10:11:04 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:11:04 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/31 10:11:04 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/31 10:11:04 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/31 10:11:04 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/05/31 10:11:04 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA Application Installer.lnk
[2011/05/31 10:11:04 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/31 10:11:03 | 000,301,321 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office 2003 Editions 60 Day Trial.exe
[2011/05/31 10:11:03 | 000,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Macromedia Breeze Presenter Sample.lnk
[2011/05/31 10:11:03 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/31 10:11:03 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/31 10:11:03 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy at ToshibaDirect.lnk
[2011/05/31 10:11:03 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/05/31 10:11:03 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/31 09:52:57 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\unhide.exe
[2011/05/31 09:16:47 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 09:00:20 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\iExplore.exe
[2011/05/28 12:56:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22077220r
[2011/05/28 12:56:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~22077220
[2011/05/28 12:55:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Desktop\Windows XP Recovery.lnk
[2011/05/28 12:55:15 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22077220
[2010/05/28 11:01:06 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/21 21:54:11 | 000,056,756 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/23 09:02:36 | 000,000,104 | ---- | C] () -- C:\Program Files\Internet Explorer (3).lnk
[2009/10/23 09:02:15 | 000,000,745 | ---- | C] () -- C:\Program Files\Absolute Poker (2).lnk
[2009/10/23 09:02:15 | 000,000,104 | ---- | C] () -- C:\Program Files\Internet Explorer (2).lnk
[2009/10/23 09:01:28 | 000,000,745 | ---- | C] () -- C:\Program Files\Absolute Poker
[2009/10/23 09:01:28 | 000,000,104 | ---- | C] () -- C:\Program Files\Internet Explorer
[2009/05/14 14:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/01/12 12:59:16 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw500c.ini
[2009/01/12 12:59:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2009/01/12 12:59:15 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/01/12 12:59:11 | 000,001,891 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2009/01/12 12:59:11 | 000,001,885 | ---- | C] () -- C:\WINDOWS\CA500C.INI
[2009/01/09 11:09:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/10 10:27:29 | 000,038,532 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\Microsoft Excel.ADR
[2008/08/19 12:37:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2008/08/19 12:37:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSQOLE.DLL
[2008/03/12 18:40:57 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/10 15:05:32 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007/08/09 07:47:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2007/08/02 18:09:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/08/02 17:46:40 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2007/08/02 17:46:40 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2007/08/02 17:46:40 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2007/08/02 17:46:40 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2007/08/02 17:46:40 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjcoms.exe
[2007/08/02 17:46:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2007/08/02 17:46:40 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcjih.exe
[2007/08/02 17:46:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2007/08/02 17:46:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2007/08/02 17:46:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2007/08/02 17:46:39 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2007/08/02 17:46:39 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2007/08/02 17:46:39 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2007/08/02 17:46:39 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.exe
[2007/08/02 17:46:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2007/08/02 17:46:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2007/08/02 17:46:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2007/08/02 17:46:38 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2007/08/02 17:46:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2007/08/02 17:46:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2007/08/02 17:46:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2007/08/02 17:46:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2007/07/11 12:23:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2007/07/11 12:23:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2007/07/05 12:28:37 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/02 14:39:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/02/07 21:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/10/08 09:16:43 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/04 22:37:38 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/02 23:52:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2006/10/02 23:51:55 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2006/09/18 02:39:41 | 004,806,997 | ---- | C] () -- C:\Program Files\shockwave_installer.exe
[2006/09/16 09:59:51 | 000,000,827 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/09/09 10:27:22 | 000,000,024 | -HS- | C] () -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\TabletPlanner.tb4
[2006/09/08 13:27:32 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Jim Barabe\Local Settings\Application Data\fusioncache.dat
[2006/09/08 13:27:32 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\SL48HED7MYECCV62T5QUKAG385
[2006/09/08 13:27:32 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Jim Barabe\Application Data\PT4CJXFHYGGCXPMX73253MC85G
[2006/05/31 14:06:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/31 14:06:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/17 16:28:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/17 14:05:22 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/15 12:15:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/12 19:21:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/12 18:21:50 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2006/05/12 17:31:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/12 17:31:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/12 17:31:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/12 17:31:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/12 17:31:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/12 17:31:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/12 17:21:11 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/12 16:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/12 16:44:20 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/12 16:44:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/12 16:44:20 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/12 16:44:20 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/12 16:39:16 | 000,001,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2006/05/12 16:27:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2006/05/12 15:03:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/12 15:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/12 14:54:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/12 14:27:24 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/12 14:21:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/12 14:21:28 | 000,414,318 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/12 14:21:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/12 14:21:28 | 000,067,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/12 14:21:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/12 14:21:25 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/12 14:21:23 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/12 14:21:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/12 14:21:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/12 14:21:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/12 14:20:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/12 14:20:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/05/12 07:48:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/12 07:47:58 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/30 17:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/05/12 18:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2006/05/12 18:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2011/06/14 11:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/09/26 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/08/19 12:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/04/07 09:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/03/14 10:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/28 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/15 21:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/05/11 14:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 22:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/26 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Absolute Poker
[2011/06/15 08:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Dropbox
[2007/09/26 21:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\FileOpen
[2009/11/04 09:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\GlarySoft
[2006/05/17 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\InterVideo
[2007/10/24 09:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Nikon
[2006/05/12 17:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Protector Suite
[2008/08/19 12:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\PureEdge
[2009/09/25 15:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\SmartDraw
[2006/05/12 17:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\toshiba
[2007/03/14 10:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\Viewpoint
[2006/12/12 10:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Barabe\Application Data\WildTangent
[2011/06/15 08:35:30 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/15 16:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/15 08:35:23 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



< End of report >

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:49 AM

Posted 16 June 2011 - 03:13 PM

Good evening. :)

1) Download Avenger by Swandog from here and save it to your Desktop.

2) Log off from the internet.

3) Close all open windows as this will require a reboot or two.

4) You will then need to unzip Avenger before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


5) Double click avenger.exe to run it - read and accept the warning to continue.

6) Copy and paste the following text into the Input script here: window:

Drivers to delete:
SavRoam
Symantec AntiVirus
DefWatch
SNDSrvc
ccSetMgr
ccEvtMgr
SPBBCSvc
NAVEX15
NAVENG
eeCtrl
SAVRTPEL
SAVRT
SYMTDI
SYMREDRV
SPBBCDrv

Files to delete:
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

Folders to delete:
C:\Program Files\Symantec AntiVirus
C:\Program Files\Common Files\Symantec Shared


7) Click Execute and let things take their course.

Avenger creates a log once it has run, which it should open once the PC has finished rebooting - i'd like a copy of that.
If the Avenger log doesn't open, you should find a copy in the avenger folder you unzipped earlier.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users