Virus affecting my internet access [Solved]


#1
asb447
  • Member
  • 94 posts
Hi there,

I initially submitted this to the networking section but was advised to come here as it sounds like the virus still exists.

I am unable to connect to the internet on my laptop. I am running Windows XP Professional. This is a family member's computer who said they had a virus and now they can't connect to the internet. I ran Malwarebytes on it and removed a lot of Trojan Vundo entries. When the computer boots a folder automatically opens called c:\program files\common. It is an empty folder but opens every time on reboot. When I run network diagnostics the error message says:

Windows cannot connect to the internet using HTTP,HTTPS, or FTP. This is probably caused by your firewall settings on this computer.

Check the firewall settings for the HTTP port (80). HTTPS port(443) and FTP port (21).

I have disabled the firewall and antivirus software but that didn't change the condition. I will be very obliged if someone can help!

Thanks Angela

#2
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, let's see if I can cure some of your ills. These can be transferred to the infected computer.

Please download Brute Force Uninstaller.
  • Right click the downloaded BFU folder, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download DeepDive Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field, click the folder icon and select DeepDive.bfu
  • Press Execute and let the program do its job. (Do not be startled as your taskbar will disappear for a little while.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
  • A notepad file called BFUlogdeepdive.txt will be created on the system drive (usually the location will be C:\BFUlogdeepdive.txt). Post the content of that file please.

THEN

  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#3
asb447
  • Topic Starter
  • Member
  • 94 posts
Thank you for helping me! I saved the above to a flash drive and tried to unzip BFU onto the C drive on the sick computer and a box came up saying please insert the last disk of the multi-volume set and click ok to continue... ?????? When I click cancel it says there are no files to extract.....

#4
asb447
  • Topic Starter
  • Member
  • 94 posts
Forget the last email, I tried it again and it worked!! Here are the 3 text files you asked for. Thanks!

BFU v1.11.0
Windows XP SP3 (WinNT 5.01.2600 SP3)
Script started at 5:42:57 PM, on 4/14/2009

Option Unload Explorer: Yes
Option Delete files to Recycle Bin: Yes
Success: ProcessKillByPID 2804
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Failed: DllUnregister C:\Program Files\Common\helper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Common\_helper.dll|1 (file not found)
Failed: DllUnregister \main.dll|1 (file not found)
Success: RegDeleteKey HKLM\SOFTWARE\Classes\AppID\main.DLL
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\AppID\{A0E1054B-01EE-4D57-A059-4D99F339709F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\main.BHO (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\main.BHO.1 (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (key does not exist)
Success: FolderDelete C:\Program Files\Common
Success: SystemRun C:\WINDOWS\explorer.exe||1
Script completed at 5:43:28 PM.

OTListIt logfile created on: 4/14/2009 5:50:30 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\TOSHIBA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 636.78 Mb Available Physical Memory | 62.30% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.80 Gb Total Space | 115.50 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.80 Gb Total Space | 5.41 Gb Free Space | 69.42% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIMMY
Current User Name: TOSHIBA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe ()
PRC - C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\TOSHIBA\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (NWCWorkstation [Auto | Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
SRV - (NwSapAgent [Auto | Running]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (104EC7C4BBB6A9EE [Auto | Running]) -- C:\WINDOWS\System32\104EC7C4BBB6A9EE [2008/12/14 23:14:48 | 00,000,000 | -HSD | M]
DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ASAPIW2K [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (BoiHwsetup [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys (Quanta Computer Corp)
DRV - (CEUSBAUD [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\CEUSBAUD.sys (CEntrance, Inc.)
DRV - (DfuUsb [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\DFUUsb.sys (Texas Instruments)
DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (KR10N [Boot | Running]) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (NWRDR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nwrdr.sys (Microsoft Corporation)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\system32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (qkbfiltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (qmofiltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCB000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hidsmsc.sys (SMSC)
DRV - (SynasUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\SynasUSB.sys (SIA Syncrosoft)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tbiosdrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys ()
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (TcUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (toshidpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (USBIO [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.prevhomep...omepage.com/?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [rtasks] C:\Program Files\TrustedProtection\rtasks.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en (TOSHIBA Inc.)
O4 - HKLM..\Run: [ToshibaApp] C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1177343568296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (pgpuvn.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\autorun.inf () - [ FAT32 ]
O33 - MountPoints2\{a9c7d414-2881-11de-bc0c-00130225040a}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c7d414-2881-11de-bc0c-00130225040a}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/14 17:47:50 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TOSHIBA\Desktop\OTListIt2.exe
[2009/04/14 17:30:21 | 00,000,000 | ---D | C] -- C:\bfu
[2009/04/13 18:13:45 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/04/13 18:08:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/13 18:05:07 | 10,718,28992 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 16:40:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TOSHIBA\Application Data\Malwarebytes
[2009/04/13 16:40:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 16:40:11 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 16:40:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 16:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 16:40:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 16:39:17 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\TOSHIBA\Desktop\malwarebytes.exe
[2009/04/13 16:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/04/13 16:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TOSHIBA\Application Data\vusbsp
[2009/04/13 16:20:53 | 00,053,248 | ---- | C] (Alcor Micro, Corp.) -- C:\WINDOWS\System32\DrvMon.exe
[2009/04/13 16:14:40 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/12/13 22:45:02 | 01,646,825 | -HS- | C] () -- C:\WINDOWS\System32\reovoumw.ini
[2008/12/13 20:29:24 | 01,646,825 | -HS- | C] () -- C:\WINDOWS\System32\afecqtah.ini
[2008/12/12 00:05:51 | 01,703,547 | -HS- | C] () -- C:\WINDOWS\System32\ffvndwdd.ini
[2008/12/11 00:05:51 | 01,659,553 | -HS- | C] () -- C:\WINDOWS\System32\agwqcsva.ini
[2008/12/10 00:02:51 | 01,659,553 | -HS- | C] () -- C:\WINDOWS\System32\msbwdxml.ini
[2008/12/06 23:14:42 | 01,620,470 | -HS- | C] () -- C:\WINDOWS\System32\vhxqqumb.ini
[2008/12/05 11:06:29 | 01,479,822 | -HS- | C] () -- C:\WINDOWS\System32\arebbmio.ini
[2008/12/01 23:53:28 | 01,413,378 | -HS- | C] () -- C:\WINDOWS\System32\wwxbihrq.ini
[2008/11/30 10:45:02 | 01,381,274 | -HS- | C] () -- C:\WINDOWS\System32\hgtuuqgm.ini
[2008/11/29 10:45:02 | 01,342,962 | -HS- | C] () -- C:\WINDOWS\System32\lvwhceue.ini
[2008/11/28 18:57:11 | 01,342,962 | -HS- | C] () -- C:\WINDOWS\System32\qbdaktuj.ini
[2008/11/24 21:32:34 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\rbnevy.dll
[2008/11/24 21:32:32 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\dfordmkj.dll
[2008/11/23 16:13:17 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\kciqdlmv.ini
[2008/11/19 22:12:06 | 01,738,632 | -HS- | C] () -- C:\WINDOWS\System32\iwaehsee.ini
[2008/11/17 22:11:00 | 01,628,421 | -HS- | C] () -- C:\WINDOWS\System32\swtegrly.ini
[2008/11/13 19:37:00 | 01,621,312 | -HS- | C] () -- C:\WINDOWS\System32\ammjntpr.ini
[2008/11/12 19:40:05 | 01,605,958 | -HS- | C] () -- C:\WINDOWS\System32\damflfie.ini
[2008/11/11 16:53:23 | 01,605,958 | -HS- | C] () -- C:\WINDOWS\System32\uyuceytf.ini
[2008/11/11 16:46:16 | 01,579,053 | -HS- | C] () -- C:\WINDOWS\System32\gbruxint.ini
[2008/11/06 21:43:58 | 01,932,253 | -HS- | C] () -- C:\WINDOWS\System32\kijscjah.ini
[2008/11/04 20:09:53 | 00,008,216 | ---- | C] () -- C:\WINDOWS\System32\mst120.dll
[2008/11/04 18:56:09 | 01,953,316 | -HS- | C] () -- C:\WINDOWS\System32\pkgyaiid.ini
[2008/11/03 18:45:53 | 01,942,051 | -HS- | C] () -- C:\WINDOWS\System32\wiltacis.ini
[2008/11/02 12:00:50 | 01,933,247 | -HS- | C] () -- C:\WINDOWS\System32\odknecgp.ini
[2008/11/02 11:58:08 | 01,493,803 | -HS- | C] () -- C:\WINDOWS\System32\yovwhwhe.ini
[2008/10/29 21:26:51 | 01,486,543 | -HS- | C] () -- C:\WINDOWS\System32\hpoquipo.ini
[2008/10/28 20:08:52 | 01,049,512 | -HS- | C] () -- C:\WINDOWS\System32\boiwgdcm.ini
[2008/10/27 21:45:23 | 01,045,153 | -HS- | C] () -- C:\WINDOWS\System32\mpesgetx.ini
[2008/06/11 15:13:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSBrow.INI
[2008/06/10 22:37:50 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/06/10 22:37:49 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/06/10 22:37:02 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/06/10 22:37:02 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/06/10 22:37:01 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/08/17 19:28:08 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/17 16:28:35 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/08/17 16:28:35 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/08/17 16:28:35 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/10/15 15:20:36 | 00,000,500 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/10/04 14:56:07 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/07 17:23:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/09/06 10:37:57 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2006/09/06 10:22:46 | 00,001,194 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/09/06 10:22:45 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2006/09/06 10:22:45 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2006/09/06 10:22:45 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2006/09/06 10:22:45 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2006/09/06 10:22:45 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/04 18:15:45 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/04 15:22:59 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/11 15:45:59 | 00,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini
[2006/07/11 15:26:04 | 00,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
[2006/07/11 11:26:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/11 11:25:47 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/11 11:25:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/11 11:25:47 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/11 11:25:46 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/11 11:25:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/11 11:25:46 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/09 10:56:02 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 10:56:02 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 10:56:02 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 10:56:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 10:56:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 10:55:59 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/02 11:54:05 | 00,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 11:54:05 | 00,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2005/12/27 15:02:20 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/27 15:00:11 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/27 14:58:12 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/27 14:58:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/27 14:58:12 | 00,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/27 14:58:12 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/12/27 12:54:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/12/27 12:43:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/12/27 12:05:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/27 11:55:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/27 10:39:35 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/27 10:36:45 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/27 10:36:40 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/12/16 10:35:12 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 12:56:50 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 21:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/12/20 18:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/07/20 18:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/08/19 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/14 17:47:00 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TOSHIBA\Desktop\OTListIt2.exe
[2009/04/14 17:31:45 | 00,523,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/14 17:31:45 | 00,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/14 17:31:45 | 00,073,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 17:27:45 | 00,045,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/14 17:27:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/14 17:27:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/14 17:27:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/14 17:27:12 | 10,718,28992 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/13 18:22:48 | 04,307,516 | -H-- | M] () -- C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\IconCache.db
[2009/04/13 18:13:42 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/13 18:13:42 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/13 18:13:42 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/13 17:19:26 | 00,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 16:40:11 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 16:37:46 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\TOSHIBA\Desktop\malwarebytes.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/04/13 16:40:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/26 12:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005/12/27 14:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/13 17:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/09/25 21:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/06/24 18:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/06/29 16:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/09/23 21:08:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/10/08 20:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/04/30 22:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2007/04/20 20:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/07/11 11:37:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2005/12/27 14:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/13 16:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 16:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/04/25 07:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/12/14 23:28:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/08/02 22:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/09/07 16:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/09/06 10:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2005/12/27 15:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2005/12/27 15:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/10/15 12:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2006/09/06 10:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/04/29 20:16:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2007/07/08 21:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/08 21:18:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/10/06 23:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/20 20:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/08/11 20:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/04/20 20:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/10/08 20:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2007/04/23 20:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/13 17:11:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\TOSHIBA\Application Data
[2007/10/06 23:06:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\acccore
[2006/01/10 19:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Adobe
[2007/04/25 21:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\AdobeUM
[2006/08/04 18:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\AOL
[2006/08/19 12:58:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Apple Computer
[2008/10/11 15:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Azureus
[2009/04/14 17:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\DNA
[2006/10/15 15:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Google
[2007/02/16 23:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Help
[2005/12/27 11:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Identities
[2006/07/11 11:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Intel
[2006/08/02 19:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\InterVideo
[2005/12/27 15:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Intuit
[2007/05/12 12:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Macromedia
[2009/04/13 16:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Malwarebytes
[2009/04/13 15:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\McAfee
[2008/11/09 20:37:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Microsoft
[2006/07/11 11:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Protector Suite
[2006/08/03 04:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\ShadeExplorer
[2006/08/05 15:13:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Sonic
[2006/10/07 22:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Sun
[2006/09/23 12:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Template
[2006/12/15 18:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\toshiba
[2008/11/14 08:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\U3
[2007/03/25 14:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Viewpoint
[2009/04/13 16:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\vusbsp
[2008/10/08 20:28:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\yahoo!
[2005/12/27 15:08:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\You've Got Pictures Screensaver
[2006/09/23 23:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\ZangoToolbar
[2008/12/10 00:02:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/03 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/07/11 11:36:44 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/07/11 11:36:45 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/07/11 11:36:45 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2009/04/14 17:27:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
< End of report >


OTListIt Extras logfile created on: 4/14/2009 5:50:30 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\TOSHIBA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 636.78 Mb Available Physical Memory | 62.30% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.80 Gb Total Space | 115.50 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.80 Gb Total Space | 5.41 Gb Free Space | 69.42% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIMMY
Current User Name: TOSHIBA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup File not found
C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine (TOSHIBA CORPORATION)
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = RAW Image Task
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{9A08615A-6113-46F9-8819-5BA66B6600FD}" = Toshiba Hotkey Utility
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E989FC1C-0643-4F54-A04E-828CC1D5BD73}" = TransActAT
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.3
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AskSBar Uninstall" = Ask Toolbar
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"GoldWave v5.18" = GoldWave v5.18
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2009 6:17:57 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/13/2009 6:18:30 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/13/2009 6:18:32 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/13/2009 6:18:45 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/13/2009 6:18:55 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/13/2009 6:19:02 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/13/2009 6:19:03 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/13/2009 6:20:12 PM | Computer Name = JIMMY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/13/2009 7:04:22 PM | Computer Name = JIMMY | Source = nview_info | ID = 11141121
Description =

Error - 4/13/2009 8:44:01 PM | Computer Name = JIMMY | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.36.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/13/2009 9:05:31 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The SMI helper driver service failed to start due to the following
error: %%2

Error - 4/13/2009 9:12:34 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The FileDisk Protector Kernel Driver service failed to start due to
the following error: %%2

Error - 4/13/2009 9:12:34 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The FdRedir service failed to start due to the following error: %%2

Error - 4/13/2009 9:12:34 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The SMI helper driver service failed to start due to the following
error: %%2

Error - 4/13/2009 9:15:40 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The FileDisk Protector Kernel Driver service failed to start due to
the following error: %%2

Error - 4/13/2009 9:15:40 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The FdRedir service failed to start due to the following error: %%2

Error - 4/13/2009 9:15:40 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The SMI helper driver service failed to start due to the following
error: %%2

Error - 4/14/2009 8:27:29 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The FileDisk Protector Kernel Driver service failed to start due to
the following error: %%2

Error - 4/14/2009 8:27:29 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The FdRedir service failed to start due to the following error: %%2

Error - 4/14/2009 8:27:29 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The SMI helper driver service failed to start due to the following
error: %%2


< End of report >

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's kill these, and on completion can you let me know what problems you are having now?

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    DRV - (104EC7C4BBB6A9EE [Auto | Running]) -- C:\WINDOWS\System32\104EC7C4BBB6A9EE [2008/12/14 23:14:48 | 00,000,000 | -HSD | M]
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [rtasks] C:\Program Files\TrustedProtection\rtasks.exe File not found
    
    :Files
    C:\Program Files\TrustedProtection
    C:\Documents and Settings\TOSHIBA\Application Data\ZangoToolbar
    C:\Program Files\tinyproxy
    C:\WINDOWS\System32\reovoumw.ini
    C:\WINDOWS\System32\afecqtah.ini
    C:\WINDOWS\System32\ffvndwdd.ini
    C:\WINDOWS\System32\agwqcsva.ini
    C:\WINDOWS\System32\msbwdxml.ini
    C:\WINDOWS\System32\vhxqqumb.ini
    C:\WINDOWS\System32\arebbmio.ini
    C:\WINDOWS\System32\wwxbihrq.ini
    C:\WINDOWS\System32\hgtuuqgm.ini
    C:\WINDOWS\System32\lvwhceue.ini
    C:\WINDOWS\System32\qbdaktuj.ini
    C:\WINDOWS\System32\rbnevy.dll
    C:\WINDOWS\System32\dfordmkj.dll
    C:\WINDOWS\System32\kciqdlmv.ini
    C:\WINDOWS\System32\iwaehsee.ini
    C:\WINDOWS\System32\swtegrly.ini
    C:\WINDOWS\System32\ammjntpr.ini
    C:\WINDOWS\System32\damflfie.ini
    C:\WINDOWS\System32\uyuceytf.ini
    C:\WINDOWS\System32\gbruxint.ini
    C:\WINDOWS\System32\kijscjah.ini
    C:\WINDOWS\System32\mst120.dll
    C:\WINDOWS\System32\pkgyaiid.ini
    C:\WINDOWS\System32\wiltacis.ini
    C:\WINDOWS\System32\odknecgp.ini
    C:\WINDOWS\System32\yovwhwhe.ini
    C:\WINDOWS\System32\hpoquipo.ini
    C:\WINDOWS\System32\boiwgdcm.ini
    C:\WINDOWS\System32\mpesgetx.ini
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )


#6
asb447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
OK thanks! Here's the log you need..

Error: Unable to interpret <OTLI> in the current context!
Error: Unable to interpret <DRV - (104EC7C4BBB6A9EE [Auto | Running]) -- C:\WINDOWS\System32\104EC7C4BBB6A9EE [2008/12/14 23:14:48 | 00,000,000 | -HSD | M]> in the current context!
Error: Unable to interpret <IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [rtasks] C:\Program Files\TrustedProtection\rtasks.exe File not found> in the current context!
========== FILES ==========
File/Folder C:\Program Files\TrustedProtection not found.
File/Folder C:\Documents and Settings\TOSHIBA\Application Data\ZangoToolbar not found.
File/Folder C:\Program Files\tinyproxy not found.
File/Folder C:\WINDOWS\System32\reovoumw.ini not found.
File/Folder C:\WINDOWS\System32\afecqtah.ini not found.
File/Folder C:\WINDOWS\System32\ffvndwdd.ini not found.
File/Folder C:\WINDOWS\System32\agwqcsva.ini not found.
File/Folder C:\WINDOWS\System32\msbwdxml.ini not found.
File/Folder C:\WINDOWS\System32\vhxqqumb.ini not found.
File/Folder C:\WINDOWS\System32\arebbmio.ini not found.
File/Folder C:\WINDOWS\System32\wwxbihrq.ini not found.
File/Folder C:\WINDOWS\System32\hgtuuqgm.ini not found.
File/Folder C:\WINDOWS\System32\lvwhceue.ini not found.
File/Folder C:\WINDOWS\System32\qbdaktuj.ini not found.
File/Folder C:\WINDOWS\System32\rbnevy.dll not found.
File/Folder C:\WINDOWS\System32\dfordmkj.dll not found.
File/Folder C:\WINDOWS\System32\kciqdlmv.ini not found.
File/Folder C:\WINDOWS\System32\iwaehsee.ini not found.
File/Folder C:\WINDOWS\System32\swtegrly.ini not found.
File/Folder C:\WINDOWS\System32\ammjntpr.ini not found.
File/Folder C:\WINDOWS\System32\damflfie.ini not found.
File/Folder C:\WINDOWS\System32\uyuceytf.ini not found.
File/Folder C:\WINDOWS\System32\gbruxint.ini not found.
File/Folder C:\WINDOWS\System32\kijscjah.ini not found.
File/Folder C:\WINDOWS\System32\mst120.dll not found.
File/Folder C:\WINDOWS\System32\pkgyaiid.ini not found.
File/Folder C:\WINDOWS\System32\wiltacis.ini not found.
File/Folder C:\WINDOWS\System32\odknecgp.ini not found.
File/Folder C:\WINDOWS\System32\yovwhwhe.ini not found.
File/Folder C:\WINDOWS\System32\hpoquipo.ini not found.
File/Folder C:\WINDOWS\System32\boiwgdcm.ini not found.
File/Folder C:\WINDOWS\System32\mpesgetx.ini not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\TOSHIBA\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04152009_181126

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat moved successfully.

Registry entries deleted on Reboot...

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would now like you to run Malwarebytes and on completion let me know how your computer is running

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
asb447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Hi there,

Thanks! I ran Malwarebytes (see log below). Still cannot access the internet, so was unable to update Malwarebytes. When I did the network diagnostic the same error came up as at the start. I have attached that log also. When I initially went onto the networking forum for help with this they referred me to this forum as he said it was a virus causing the inability to access the internet. I have it hardwired to a DSL connection. I also tried the wireless connection with the same result.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/16/2009 3:37:54 PM
mbam-log-2009-04-16 (15-37-54).txt

Scan type: Quick Scan
Objects scanned: 78346
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Last diagnostic run time: 04/16/09 15:39:57 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info HTTPS: Successfully connected to www.microsoft.com.
info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
info Redirecting user to support call



DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: yes
No DNS servers

DNS failure




Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Enabled Automatic Configuration Script: Proxy Server:http=127.0.0.1:9090 Proxy Bypass list:<local>
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.106
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info Skipped gateway connectivity check because of IE proxy configuration



IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed



IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 192.168.1.106



Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Provider entry MSAFD Tcpip [TCP/IPv6] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IPv6] passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/1000 PL Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Wireless Network Connection, Device=Intel® PRO/Wireless 3945ABG Network Connection, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Network connection: Name=Virtual Private Connection, Device=WAN Miniport (PPTP), MediaType=TUNNEL, SubMediaType=NONE
info Network connection: Name=Broadband Connection, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Network connection: Name=Direct Connection, Device=, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=Internet Connection, Device=Internet Connection, MediaType=SHARED ACCESS HOST LAN, SubMediaType=NONE
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Ethernet connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
info HTTPS: Successfully connected to www.microsoft.com.
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.

#9
asb447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
By the way, I meant to post my HJT log before, here it is :))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:03 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevhomep...omepage.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ToshibaApp] C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [rtasks] C:\Program Files\TrustedProtection\rtasks.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.serviceme...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.serviceme...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1177343568296
O18 - Filter hijack: text/html - {30c7bba0-d4ad-496b-965b-1667103cbbad} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: pgpuvn.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8688 bytes
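Added example, not part of any post in this thread: a Python triage sketch that cross-checks the IE `ProxyServer` value in a HijackThis log against the per-protocol results of the XP network diagnostic, the combination visible in posts #8 and #9 (HTTP fails with error 12029 while HTTPS and FTP connect, and `ProxyServer` is `http=127.0.0.1:9090`). The function names are hypothetical, and the sample lines are copied from those two logs.

```python
import ipaddress
import re

# Sample lines copied from the two logs posted in this thread.
HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090",
    r"O4 - HKLM\..\Run: [rtasks] C:\Program Files\TrustedProtection\rtasks.exe",
]
DIAG_LINES = [
    "info HTTPS: Successfully connected to www.microsoft.com.",
    "info FTP (Passive): Successfully connected to ftp.microsoft.com.",
    "warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established",
    "warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established",
    "error Could not make an HTTP connection.",
]

PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (.+)$")
DIAG_RE = re.compile(
    r"^(?:info|warn|error)\s+(HTTPS|HTTP|FTP)\b[^:]*:\s+"
    r"(?:(Successfully connected)|Error (\d+))"
)


def parse_proxy_server(value):
    """Split an IE ProxyServer value into {scheme: (host, port)}.

    'host:port' covers every scheme (stored under '*');
    'http=host:port;ftp=host:port' sets a proxy per scheme.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:                      # no 'scheme=' prefix: applies to all schemes
            scheme, endpoint = "*", part
        endpoint = endpoint.split("://", 1)[-1]
        host, colon, port = endpoint.rpartition(":")
        if not colon:                    # no port given
            host, port = endpoint, ""
        proxies[scheme.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # some other hostname


def proxies_from_hjt(lines):
    """Collect proxy settings from HijackThis R1 ProxyServer lines."""
    proxies = {}
    for line in lines:
        m = PROXY_RE.search(line.strip())
        if m:
            proxies.update(parse_proxy_server(m.group(1)))
    return proxies


def results_from_diag(lines):
    """Count successes and collect error codes per scheme from the diagnostic."""
    results = {}
    for line in lines:
        m = DIAG_RE.match(line.strip())
        if not m:
            continue
        entry = results.setdefault(m.group(1).lower(), {"ok": 0, "errors": set()})
        if m.group(2):
            entry["ok"] += 1
        else:
            entry["errors"].add(int(m.group(3)))
    return results


def triage(hjt_lines, diag_lines):
    """Flag schemes that always fail while routed to a loopback proxy."""
    proxies = proxies_from_hjt(hjt_lines)
    suspect, direct_ok = [], []
    for scheme, res in sorted(results_from_diag(diag_lines).items()):
        proxy = proxies.get(scheme) or proxies.get("*")
        if proxy is None:
            if res["ok"] and not res["errors"]:
                direct_ok.append(scheme)  # unproxied path works: network itself is fine
        elif is_loopback(proxy[0]) and res["errors"] and not res["ok"]:
            suspect.append((scheme, proxy[0], proxy[1], sorted(res["errors"])))
    return {"suspect": suspect, "direct_ok": direct_ok}


if __name__ == "__main__":
    print(triage(HJT_LINES, DIAG_LINES))
```

A scheme listed under `suspect` points at the `ProxyEnable` and `ProxyServer` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`, the same key named in the fix script in post #5, as the next thing to inspect on the affected machine.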

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, looking at that, the error is for HTTP addresses; your secure ones are OK, so let's try something from the left. First, there is one registry entry to remove that I missed.

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O20 - AppInit_DLLs: (pgpuvn.dll) - File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Let's try out Open DNS and see if your router has an infection.

Go to this Page and follow the instructions to set your DNS address. Having done that, then retry to connect.

#11
asb447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Thanks, here's the log...

========== OTLISTIT ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:pgpuvn.dll deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\TOSHIBA\Local Settings\Temp\in6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\TOSHIBA\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04182009_121916

Files moved on Reboot...
C:\Documents and Settings\TOSHIBA\Local Settings\Temp\in6.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat moved successfully.

Registry entries deleted on Reboot...

I followed the Open DNS and there is no problem with my router, but the laptop still won't connect. I have three other computers on my home network that work fine, but not the infected one; still the same error message coming up?????

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have just noticed there is no antivirus on your system - have you removed Norton recently?

#13
asb447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
No, I don't believe they had Norton, I think it was McAfee. He wants AVG on there, that was what I was going to put on there after I cleaned the viruses, but can't get online to install it...

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did that include a firewall? If so, download the McAfee removal tool from here and run it on the affected computer. Does that make any difference?

#15
asb447

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I tried that but didn't work, bummer, I was hoping that was the problem. I looked in the Add and Remove Programs to see if there is any sign of Norton but there isn't......:)