Virtually every file I have will display the "Illegal operation attempted on a registry key that has been marked for deletion" pop-up.
I look forward to a helpful response and appreciate you having taken the time to read.
Best regards
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
We usually see that error after running Combofix. The solution is usually just to reboot. Please copy and paste your OTL log.
Ron
:processes killallprocesses :Services gusvc :OTL SRV - File not found [On_Demand | Stopped] -- -- (gusvc) O4 - HKLM..\Run: [msWJ7dEL8RqYwUe8234A] C:\Windows\System32\LEL8gTZqhCkVlBx.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [o8fZ9hTXwClBzNx8234A] C:\Windows\System32\azNycAuvDoF5Q6E.exe () [2011/10/07 10:13:49 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\FcccA11ivD2oF4m [2011/10/07 10:13:48 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\tttxxP0ycS1iv3n [2011/10/07 10:13:48 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\RqqqhhYXwkU [2011/10/07 09:21:21 | 003,001,856 | ---- | M] () -- C:\Windows\System32\azNycAuvDoF5Q6E.exe [2011/10/05 16:12:04 | 000,001,752 | ---- | M] () -- C:\AV Guard Online.lnk [2011/10/05 16:11:51 | 002,411,520 | ---- | M] () -- C:\Windows\System32\LEL8gTZqhCkVlBx.exe [2011/10/05 15:19:13 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\4122A9D.sys [2011/10/05 15:18:29 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\1957E85.sys [2011/10/05 15:18:23 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\167650B.sys [2011/10/05 15:17:48 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\184DE6E.sys [2011/10/07 09:21:21 | 003,001,856 | ---- | C] () -- C:\Windows\System32\azNycAuvDoF5Q6E.exe [2011/10/05 08:58:37 | 000,001,005 | ---- | C] () -- C:\Users\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2011/10/05 08:58:36 | 000,000,981 | ---- | C] () -- C:\Users\terri\Desktop\AVG PC Tuneup 2011.lnk [2011/10/05 08:40:28 | 000,695,729 | ---- | C] () -- C:\Users\terri\AVGInstLog.cab [2011/05/15 22:16:25 | 000,011,086 | -HS- | C] () -- C:\Users\terri\AppData\Local\hk67n73apv1 [2011/05/15 22:16:25 | 000,011,086 | -HS- | C] () -- C:\ProgramData\hk67n73apv1 [2011/05/15 09:50:28 | 000,011,188 | -HS- | C] () -- C:\Users\terri\AppData\Local\w6r2f6ci4p63ya75hgb4wc01 [2011/05/15 09:50:28 | 000,011,188 | -HS- | C] () -- C:\ProgramData\w6r2f6ci4p63ya75hgb4wc01 :files xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C sc config gusvc start= disabled /c :Commands [purity] [Reboot]
Copy the text in the code box by highlighting and Ctrl + c
:processes killallprocesses :Services gusvc :OTL SRV - File not found [On_Demand | Stopped] -- -- (gusvc) O4 - HKLM..\Run: [msWJ7dEL8RqYwUe8234A] C:\Windows\System32\LEL8gTZqhCkVlBx.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [o8fZ9hTXwClBzNx8234A] C:\Windows\System32\azNycAuvDoF5Q6E.exe () [2011/10/07 10:13:49 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\FcccA11ivD2oF4m [2011/10/07 10:13:48 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\tttxxP0ycS1iv3n [2011/10/07 10:13:48 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\RqqqhhYXwkU [2011/10/07 09:21:21 | 003,001,856 | ---- | M] () -- C:\Windows\System32\azNycAuvDoF5Q6E.exe [2011/10/05 16:12:04 | 000,001,752 | ---- | M] () -- C:\AV Guard Online.lnk [2011/10/05 16:11:51 | 002,411,520 | ---- | M] () -- C:\Windows\System32\LEL8gTZqhCkVlBx.exe [2011/10/05 15:19:13 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\4122A9D.sys [2011/10/05 15:18:29 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\1957E85.sys [2011/10/05 15:18:23 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\167650B.sys [2011/10/05 15:17:48 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\184DE6E.sys [2011/10/07 09:21:21 | 003,001,856 | ---- | C] () -- C:\Windows\System32\azNycAuvDoF5Q6E.exe [2011/10/05 08:58:37 | 000,001,005 | ---- | C] () -- C:\Users\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2011/10/05 08:58:36 | 000,000,981 | ---- | C] () -- C:\Users\terri\Desktop\AVG PC Tuneup 2011.lnk [2011/10/05 08:40:28 | 000,695,729 | ---- | C] () -- C:\Users\terri\AVGInstLog.cab [2011/05/15 22:16:25 | 000,011,086 | -HS- | C] () -- C:\Users\terri\AppData\Local\hk67n73apv1 [2011/05/15 22:16:25 | 000,011,086 | -HS- | C] () -- C:\ProgramData\hk67n73apv1 [2011/05/15 09:50:28 | 000,011,188 | -HS- | C] () -- C:\Users\terri\AppData\Local\w6r2f6ci4p63ya75hgb4wc01 [2011/05/15 09:50:28 | 000,011,188 | -HS- | C] () -- C:\ProgramData\w6r2f6ci4p63ya75hgb4wc01 :files xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C sc config gusvc start= disabled /c :Commands [purity] [Reboot]
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.
Download, Save and Right click on unhide.exe and Run As Administrator from
http://download.blee...nler/unhide.exe
Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.
If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwarebytes.org/mbam.php
SAVE Malwarebytes' Anti-Malware to your desktop.
Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
ComboFix
:!: It must be saved to your desktop, do not run it from your browser:!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Rightclick on ComboFix and select Run As Administrator to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
A caution - Do not run Combofix more than once. Allow it to update if it wants to. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
Ron
Go on with the steps.
Ron
Here are the new logs identified as sections 1 & 2. Am I to procede following the additional steps you have prescribed, or should I wait until you have time to review the logs pasted below?. Please advise.
Thank you again for your assistance! I look forward to your reply. Best regards.
Chris2078
SECTION 1
OTL logfile created on: 10/9/2011 7:58:10 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\terri\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.38 Mb Total Physical Memory | 228.82 Mb Available Physical Memory | 22.58% Memory free
2.23 Gb Paging File | 1.12 Gb Available in Paging File | 50.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 93.57 Gb Free Space | 63.40% Space Free | Partition Type: NTFS
Computer Name: TERRI-PC | User Name: terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/07 16:03:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\terri\Desktop\OTL.exe
PRC - [2011/05/15 11:45:40 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\flash\FlashUtil10q_ActiveX.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/18 19:11:02 | 004,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/27 22:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/04/26 20:56:10 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/04/26 20:22:36 | 004,803,584 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/24 05:31:10 | 000,529,976 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2007/04/20 17:09:16 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/10 18:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/03/22 13:46:54 | 000,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/27 15:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/09 07:01:32 | 000,518,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\86f11c538ade043910d7510a948d4f6a\TCrdMain.ni.exe
MOD - [2011/08/09 06:10:06 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4d5fc62cbae71aae3cf1fa90446920ef\System.Windows.Forms.ni.dll
MOD - [2011/08/09 06:09:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\daf35d9703895998bae9efd6d23be282\System.Drawing.ni.dll
MOD - [2011/08/09 06:09:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\de898892a723d0b470a904f35009026e\PresentationFramework.Aero.ni.dll
MOD - [2011/08/09 06:09:27 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\42febbc98987f1eb481bef951f33a15d\PresentationFramework.ni.dll
MOD - [2011/08/09 06:08:59 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d8ed93f3a3123eb08cddadd84a56327e\PresentationCore.ni.dll
MOD - [2011/08/09 06:08:35 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\7aa97db6c6147a8dc4ba3a7416aff401\WindowsBase.ni.dll
MOD - [2011/08/09 06:08:26 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MOD - [2011/08/09 06:07:36 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2007/04/26 20:22:36 | 004,803,584 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/04/23 12:38:08 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
MOD - [2007/04/20 17:09:16 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
MOD - [2007/03/30 13:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/11 19:39:02 | 000,011,776 | ---- | M] () -- C:\Program Files\Toshiba\HDD Protection\NotifyTHP.dll
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/11/09 20:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 20:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/04/14 07:49:44 | 000,703,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/02/26 14:19:46 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/04/27 22:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/04/24 05:31:10 | 000,529,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - [2010/11/08 16:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 16:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/05 16:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 16:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 16:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 17:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 17:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 17:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/06/03 11:01:28 | 000,341,504 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/05/25 16:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/04/10 23:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2008/02/15 23:37:50 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/04/27 22:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/27 12:22:00 | 000,021,504 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/09 18:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 20:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/07 19:29:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/18 05:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 05:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/06 00:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 22:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/02/14 13:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\terri\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\terri\AppData\Roaming\Move Networks [2010/01/16 22:13:05 | 000,000,000 | ---D | M]
[2011/10/05 08:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml
O1 HOSTS File: ([2011/10/07 10:12:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8164994F-863E-4D6F-8F33-2A968823761B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE235EF4-7D2A-4A03-8E83-72EB035413B1}: NameServer = 24.217.0.5,24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44ABE6F-E686-4FDA-9AB5-0D50D6E5DF68}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BDD6CF-00C5-434C-9F8F-07871FF76A0E}: NameServer = 69.78.235.35 69.78.96.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/09 19:45:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 16:03:24 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\terri\Desktop\OTL.exe
[2011/10/07 16:00:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/07 10:42:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/07 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Local\temp
[2011/10/07 10:37:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/07 09:43:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/07 09:43:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/07 09:43:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/07 09:42:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/07 09:42:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/07 09:38:23 | 004,247,628 | R--- | C] (Swearware) -- C:\Users\terri\Desktop\ComboFix.exe
[2011/10/07 09:16:06 | 000,000,000 | ---D | C] -- C:\Guard Online
[2011/10/07 09:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 09:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/05 16:12:03 | 000,000,000 | ---D | C] -- C:\AV Guard Online
[2011/10/05 09:00:27 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\AVG
[2011/10/05 08:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/10/05 08:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/05 08:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/05 08:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/10/05 08:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/03 13:13:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/09 19:56:10 | 000,608,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/09 19:56:10 | 000,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/09 19:55:21 | 000,684,297 | ---- | M] () -- C:\Users\terri\Desktop\unhide.exe
[2011/10/09 19:49:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 19:49:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 19:49:45 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 19:49:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 19:49:35 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 19:36:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 15:21:11 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{78072361-A1B9-4D89-909D-1D03BB472410}.job
[2011/10/07 16:03:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\terri\Desktop\OTL.exe
[2011/10/07 15:52:37 | 013,356,640 | ---- | M] () -- C:\Users\terri\Desktop\Geek1.one
[2011/10/07 13:08:19 | 004,247,628 | R--- | M] (Swearware) -- C:\Users\terri\Desktop\ComboFix.exe
[2011/10/07 10:14:11 | 000,001,212 | ---- | M] () -- C:\Users\terri\AppData\Roaming\ldr.ini
[2011/10/07 10:12:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/05 16:12:04 | 000,001,752 | ---- | M] () -- C:\AV Guard Online.lnk
[2011/10/05 14:30:30 | 142,907,712 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/16 10:38:02 | 047,369,160 | ---- | M] () -- C:\Windows\System32\mrt.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/09 19:55:16 | 000,684,297 | ---- | C] () -- C:\Users\terri\Desktop\unhide.exe
[2011/10/07 15:52:26 | 013,356,640 | ---- | C] () -- C:\Users\terri\Desktop\Geek1.one
[2011/10/07 10:13:49 | 000,001,212 | ---- | C] () -- C:\Users\terri\AppData\Roaming\ldr.ini
[2011/10/07 09:43:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/07 09:43:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/07 09:43:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/07 09:43:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/07 09:43:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/05 16:12:04 | 000,001,752 | ---- | C] () -- C:\AV Guard Online.lnk
[2011/10/05 09:21:19 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/15 17:45:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/15 17:45:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/15 17:44:23 | 000,185,856 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011/04/06 20:23:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/27 13:00:35 | 000,030,208 | ---- | C] () -- C:\Users\terri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/14 18:56:24 | 000,003,658 | ---- | C] () -- C:\Windows\checkip.dat
[2007/05/16 17:25:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/16 17:25:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/16 17:25:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/16 17:25:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/16 17:25:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/16 17:25:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/16 17:17:31 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/16 16:49:40 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/16 16:49:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/16 16:49:40 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/16 16:49:40 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/16 16:44:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/30 14:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2006/12/05 15:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,326,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,608,884 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,952 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:24:01 | 047,369,160 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0441DB7A
< End of report >
SECTION TWO
OTL Extras logfile created on: 10/9/2011 7:58:10 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\terri\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.38 Mb Total Physical Memory | 228.82 Mb Available Physical Memory | 22.58% Memory free
2.23 Gb Paging File | 1.12 Gb Available in Paging File | 50.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 93.57 Gb Free Space | 63.40% Space Free | Partition Type: NTFS
Computer Name: TERRI-PC | User Name: terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "%1" %*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53205BE1-B15F-44E8-A5D7-A99585563F4B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55A79764-AB76-40E2-A8D2-C3939DDAE270}" = lport=1701 | protocol=17 | dir=in | app=system |
"{A104FAA8-9215-4D4C-A304-3BDA32FB9F7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AAC4D867-7891-414C-8E23-FDEC651FC208}" = lport=1723 | protocol=6 | dir=in | app=system |
"{B006969E-1B0C-48E6-A4E1-4B6EFF69BB7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DC4BC064-95C4-4578-B9FA-B433ECCCCDA5}" = rport=1723 | protocol=6 | dir=out | app=system |
"{E7645CAC-202B-4370-9D32-3DC60F4B69E4}" = rport=1701 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091CBFD5-C38B-424B-97A4-9382571D0147}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4138F43F-B23A-4BE3-9A5C-AB7523FD2C7B}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{5D034346-0566-4B32-A4B2-73D07AED9764}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{6427B102-C842-4E9D-919D-C437B4031F71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{683A444D-1C10-46F0-97BA-F8571BF30381}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{9DD12DCB-8B48-476F-AAF8-407AF9816D93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{D01B0DD8-12FE-483C-85AC-429114C8D0B1}" = protocol=6 | dir=out | app=system |
"{D389CCE5-D129-49B8-927C-5C4FF07B7FF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{FCAAFCED-303E-41B3-95E0-583A2C5C2200}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{F42436D1-AA8D-46AE-8FD0-E4A2DD83EEA9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{5EED683F-D833-4991-82C6-F3731106D3FB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"{4F5CE18C-D97D-48FF-A510-A0D90C918294}" = iTunes
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51E7609E-F086-4ECA-9870-5B9E4E5096BD}" = Verizon Wireless USB720-V740 Firmware Updates
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B35D327-0607-4EED-A2E9-1312D10FD5EC}" = Verizon Wireless USB727 Firmware Updates
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Desktop Dialer" = Desktop Dialer
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Offers from Toshiba" = Internet Offers
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"oggcodecs" = oggcodecs 0.71.0946
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WT022084" = Bejeweled 2 Deluxe
"WT022085" = Blackhawk Striker 2
"WT022086" = Blasterball 3
"WT022087" = Diner Dash - Flo on the Go
"WT022089" = FATE
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"WT022092" = Polar Bowler
"WT022093" = Polar Golfer
"Yahoo! Mail" = att.net Internet Mail
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d06fdace4f64c131" = RightNow
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/9/2011 8:04:15 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:04:15 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:04:17 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:04:18 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:04:20 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:04:21 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:16:53 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/9/2011 8:16:54 AM | Computer Name = terri-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/11/2011 9:41:27 PM | Computer Name = terri-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19088 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 348 Start Time: 01cc709c921fea60 Termination Time: 78
Error - 9/26/2011 8:46:49 AM | Computer Name = terri-PC | Source = Application Error | ID = 1000
Description = Faulting application VZAccess Manager.exe, version 7.2.1.2, time stamp
0x4b060a48, faulting module WmcNvtl32.dll_unloaded, version 0.0.0.0, time stamp
0x4ab95afe, exception code 0xc0000005, fault offset 0x059d286c, process id 0x424,
application start time 0x01cc79f758e0ac80.
[ Media Center Events ]
Error - 4/29/2008 9:19:50 PM | Computer Name = terri-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 5/30/2008 9:19:32 PM | Computer Name = terri-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 2/7/2010 2:31:30 PM | Computer Name = terri-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 10/9/2011 11:56:25 AM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/9/2011 12:11:06 PM | Computer Name = terri-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.
Error - 10/9/2011 4:05:01 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/9/2011 8:45:14 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 10/9/2011 8:45:14 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 10/9/2011 8:50:00 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/9/2011 8:50:00 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/9/2011 8:50:00 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/9/2011 8:50:01 PM | Computer Name = terri-PC | Source = DCOM | ID = 10005
Description =
Error - 10/9/2011 8:50:02 PM | Computer Name = terri-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >Copy the text in the code box by highlighting and Ctrl + c
:processes killallprocesses :Services gusvc :OTL SRV - File not found [On_Demand | Stopped] -- -- (gusvc) O4 - HKLM..\Run: [msWJ7dEL8RqYwUe8234A] C:\Windows\System32\LEL8gTZqhCkVlBx.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [o8fZ9hTXwClBzNx8234A] C:\Windows\System32\azNycAuvDoF5Q6E.exe () [2011/10/07 10:13:49 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\FcccA11ivD2oF4m [2011/10/07 10:13:48 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\tttxxP0ycS1iv3n [2011/10/07 10:13:48 | 000,000,000 | ---D | C] -- C:\Users\terri\AppData\Roaming\RqqqhhYXwkU [2011/10/07 09:21:21 | 003,001,856 | ---- | M] () -- C:\Windows\System32\azNycAuvDoF5Q6E.exe [2011/10/05 16:12:04 | 000,001,752 | ---- | M] () -- C:\AV Guard Online.lnk [2011/10/05 16:11:51 | 002,411,520 | ---- | M] () -- C:\Windows\System32\LEL8gTZqhCkVlBx.exe [2011/10/05 15:19:13 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\4122A9D.sys [2011/10/05 15:18:29 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\1957E85.sys [2011/10/05 15:18:23 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\167650B.sys [2011/10/05 15:17:48 | 000,120,832 | ---- | M] () -- C:\Windows\System32\drivers\184DE6E.sys [2011/10/07 09:21:21 | 003,001,856 | ---- | C] () -- C:\Windows\System32\azNycAuvDoF5Q6E.exe [2011/10/05 08:58:37 | 000,001,005 | ---- | C] () -- C:\Users\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2011/10/05 08:58:36 | 000,000,981 | ---- | C] () -- C:\Users\terri\Desktop\AVG PC Tuneup 2011.lnk [2011/10/05 08:40:28 | 000,695,729 | ---- | C] () -- C:\Users\terri\AVGInstLog.cab [2011/05/15 22:16:25 | 000,011,086 | -HS- | C] () -- C:\Users\terri\AppData\Local\hk67n73apv1 [2011/05/15 22:16:25 | 000,011,086 | -HS- | C] () -- C:\ProgramData\hk67n73apv1 [2011/05/15 09:50:28 | 000,011,188 | -HS- | C] () -- C:\Users\terri\AppData\Local\w6r2f6ci4p63ya75hgb4wc01 [2011/05/15 09:50:28 | 000,011,188 | -HS- | C] () -- C:\ProgramData\w6r2f6ci4p63ya75hgb4wc01 :files xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C sc config gusvc start= disabled /c :Commands [purity] [Reboot]
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.
Download, Save and Right click on unhide.exe and Run As Administrator from
http://download.blee...nler/unhide.exe
Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.
If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwarebytes.org/mbam.php
SAVE Malwarebytes' Anti-Malware to your desktop.
Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
ComboFix
:!: It must be saved to your desktop, do not run it from your browser:!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Rightclick on ComboFix and select Run As Administrator to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
A caution - Do not run Combofix more than once. Allow it to update if it wants to. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
Ron
cd \windows\logs\cbs copy cbs.log cbs.old del cbs.log sfc /scannow findstr /c:"[SR]" cbs.log > junk.txt
Can you delete these files/folders:
C:\Guard Online
c:\programdata\WSTB
C:\AV Guard Online
Re run TDSSKiller to make sure it was able to clear the problem it found.
aswMBR creates two files. One is a dump of the mbr (the .dat file) the other is a .log or .txt file which you should be able to open and copy/paste to a reply. IF the FIX button was lit in aswMBR (not the FixMBR button) then run it again and press it.
Submit C:\Windows\System 32\Drivers\Netbt.sys to http://virustotal.com and let's see what they say about it. IF they don't say ssomething like 0/43 then copy the report and paste it into a reply.
Perhaps windows can fix it for us:
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:cd \windows\logs\cbs copy cbs.log cbs.old del cbs.log sfc /scannow findstr /c:"[SR]" cbs.log > junk.txt
attach the file \windows\logs\cbs\junk.txt to your next reply.
Ron
Windows says SFC replaced the bad file so run aswMBR again and see if still detects a problem.
Is it running OK now?
Ron
/md5start Netbt.sys volsnap.sys tcpip.sys userinit.exe /md5stopthen run OTL (right click and Run as Administrator) and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Copy the text in the code box by highlighting and Ctrl + c
/md5start Netbt.sys volsnap.sys tcpip.sys userinit.exe /md5stopthen run OTL (right click and Run as Administrator) and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will probably not reboot the PC when it is done this time. Save the log and copy and paste it to a reply. This searches through the PC looking for the files in the list we gave it. It will calculate the MD5 values for each file it finds. We should find a good copy we can use. I'm also having it check the files that Combofix and TDSSKiller claimed to have fixed plus tcpip.sys which was recently replaced.
For your office problem:
Make sure you can see hidden and system files:
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.
Then look and see if the folder is still empty.
Ron
(bedtime for me)
:processes killallprocesses :files C:\WINDOWS\System32\drivers\netbt.sys|c:\netbt.txt /replace C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys|c:\netbt.txt /replace :Commands [Reboot]
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.