Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help removing Tidserv Activity 2 [Closed] [Solved]


  • This topic is locked This topic is locked

#166
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
OTL logfile created on: 2/3/2012 2:08:49 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.86 Mb Total Physical Memory | 682.78 Mb Available Physical Memory | 67.81% Memory free
1.62 Gb Paging File | 1.41 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.66 Gb Free Space | 72.76% Space Free | Partition Type: NTFS
Drive E: | 489.72 Mb Total Space | 185.54 Mb Free Space | 37.89% Space Free | Partition Type: FAT

Computer Name: TR15-BACKUP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 13:07:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.com
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/18 16:18:40 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/01/06 19:37:56 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/27 21:32:02 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2004/12/27 21:31:58 | 000,270,336 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2004/12/27 21:31:38 | 000,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2004/12/13 21:25:28 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2004/12/06 23:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/11/30 23:26:34 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/11/12 19:57:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2004/11/03 13:12:26 | 000,147,456 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2004/10/15 12:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 12:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 12:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/15 17:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/08/10 19:21:38 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2004/06/28 12:16:34 | 000,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe
PRC - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 13:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/21 20:00:06 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 16:33:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2004/10/15 12:23:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (napagent)
SRV - File not found [On_Demand | Stopped] -- -- (hkmsvc)
SRV - File not found [On_Demand | Stopped] -- -- (EapHost)
SRV - File not found [On_Demand | Stopped] -- -- (Dot3svc)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2006/09/02 18:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/01/18 16:18:40 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 21:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/25 16:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/04/30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/01/08 02:11:42 | 000,029,184 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/01/07 17:42:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/28 01:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/30 18:04:16 | 000,409,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/11/13 14:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2004/10/15 12:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/09 12:49:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2004/08/23 13:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/07/22 16:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 22:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/02/04 12:27:28 | 000,138,240 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMicAry.sys -- (TMicAry)
DRV - [2004/01/30 12:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/09/13 00:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 13:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/02 13:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 09:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/03 13:56:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.133.170.2 66.133.150.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8E192A-F041-4DD0-8A5C-CC97778BB461}: DhcpNameServer = 66.133.170.2 66.133.150.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 14:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 13:08:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.com
[2012/02/02 13:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/30 20:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/30 10:34:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/04 16:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/08 14:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 14:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 15:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 15:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 14:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 14:01:09 | 1055,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 13:56:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/03 13:07:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.com
[2012/02/02 15:20:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/02/02 13:05:05 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/30 20:21:39 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 20:21:39 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 20:18:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 20:18:16 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/24 17:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 17:06:35 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:53:03 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/01/07 15:57:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/02/02 16:57:48 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2012/02/02 13:05:05 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/02 13:05:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 20:18:15 | 1055,838,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 17:06:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:38:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 13:06:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CBCDDEL.BAT
[2012/01/24 13:06:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\BVER.BAT
[2012/01/02 15:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 15:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 15:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 15:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 15:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 12:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 12:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/05/14 22:31:28 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 10:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2011/01/08 18:50:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2010/02/08 16:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/05 19:21:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/01/04 20:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 19:48:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/04 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/16 13:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 13:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 13:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 13:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 17:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 17:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 17:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 17:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 17:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 15:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 15:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 15:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 15:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 15:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 15:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 15:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 15:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 14:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 14:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 14:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 14:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 12:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 12:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 12:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 12:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 12:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 12:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 12:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 12:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 12:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 12:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 12:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 12:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 12:03:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 06:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 06:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/02 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterVideo
[2011/04/14 11:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Software MacKiev
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\toshiba
[2011/04/14 11:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WB09D2SE

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#167
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does it now connect and how many other users do you have
  • 0

#168
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
doesn't connect. I have 5 users total: Dad, Mom, and 3 kids. We can remove some if needed.
  • 0

#169
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will run an OTL scan for each to ensure that everything gets marmalised and then we will confirm all services are running

So run the custom scan on each user not yet done - I will remove what is there and then continue to track down the connection problem

Also check each user for access to the net
  • 0

#170
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
will do.
  • 0

#171
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well at least we get the full tour of your computer :lol:
  • 0

#172
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
can you repost what scan or fix to run? Just so I can be sure. Thanks!
  • 0

#173
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For sure this is the standard initial scan per user

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#174
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
OTL logfile created on: 2/3/2012 3:45:12 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Isabel\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.86 Mb Total Physical Memory | 676.21 Mb Available Physical Memory | 67.16% Memory free
1.62 Gb Paging File | 1.39 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.64 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive E: | 489.72 Mb Total Space | 185.55 Mb Free Space | 37.89% Space Free | Partition Type: FAT

Computer Name: TR15-BACKUP | User Name: Isabel | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 13:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Isabel\Desktop\OTL.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/06 19:37:56 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/27 21:32:02 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2004/12/13 21:25:28 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2004/12/06 23:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/11/30 23:26:34 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/11/12 19:57:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2004/10/15 12:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 12:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 12:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/15 17:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/08/10 19:21:38 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2004/06/28 12:16:34 | 000,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe
PRC - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2003/03/14 13:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/21 20:00:06 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe


========== Modules (No Company Name) ==========

MOD - [2004/10/15 12:23:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-348162203-2603255770-593814586-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 13:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/03 12:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Isabel\Application Data\Mozilla\Extensions
[2012/02/02 13:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 09:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/03 13:56:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-348162203-2603255770-593814586-1010..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.133.170.2 66.133.150.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8E192A-F041-4DD0-8A5C-CC97778BB461}: DhcpNameServer = 66.133.170.2 66.133.150.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Isabel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Isabel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 14:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: napagent - File not found
NetSvcs: hkmsvc - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 15:43:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Isabel\Desktop\OTL.exe
[2012/02/03 12:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Isabel\Local Settings\Application Data\Mozilla
[2012/02/03 12:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Isabel\Application Data\Mozilla
[2012/02/02 13:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/30 20:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/30 10:34:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/04 16:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/08 14:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 14:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 15:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 15:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 14:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 14:01:09 | 1055,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 13:56:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/02 15:20:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/02/02 13:05:05 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/31 13:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Isabel\Desktop\OTL.exe
[2012/01/30 20:21:39 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 20:21:39 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 20:18:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 20:18:16 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/24 17:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 17:06:35 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:53:03 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/01/07 15:57:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/02/02 16:57:48 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2012/02/02 13:05:05 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/02 13:05:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 20:18:15 | 1055,838,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 17:06:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:38:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 13:06:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CBCDDEL.BAT
[2012/01/24 13:06:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\BVER.BAT
[2012/01/02 15:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 15:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 15:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 15:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 15:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 12:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 12:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/04/19 10:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2011/01/08 19:20:00 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Isabel\Local Settings\Application Data\fusioncache.dat
[2010/02/08 16:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/05 19:21:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/01/04 20:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 19:48:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/04 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/16 13:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 13:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 13:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 13:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 17:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 17:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 17:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 17:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 17:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 15:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 15:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 15:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 15:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 15:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 15:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 15:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 15:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 14:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 14:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 14:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 14:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 12:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 12:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 12:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 12:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 12:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 12:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 12:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 12:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 12:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 12:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 12:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 12:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 12:03:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 06:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 06:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/02 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\toshiba
[2011/05/28 15:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\WB09D2SE

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{948DDF37-EC52-4D3F-A3EB-25C081EE8FA7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F5375A63-3D52-4422-8F39-FDC2F274E2E5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 06:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 06 01 05 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 06:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >
  • 0

#175
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
OTL logfile created on: 2/3/2012 3:51:31 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.86 Mb Total Physical Memory | 665.63 Mb Available Physical Memory | 66.11% Memory free
1.62 Gb Paging File | 1.39 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.64 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive E: | 489.72 Mb Total Space | 185.48 Mb Free Space | 37.87% Space Free | Partition Type: FAT

Computer Name: TR15-BACKUP | User Name: Jessica | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 13:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/06 19:37:56 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/27 21:32:02 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2004/12/13 21:25:28 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2004/12/06 23:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/11/30 23:26:34 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/11/12 19:57:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2004/10/15 12:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 12:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 12:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/15 17:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/08/10 19:21:38 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2004/06/28 12:16:34 | 000,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe
PRC - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2003/03/14 13:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/21 20:00:06 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe


========== Modules (No Company Name) ==========

MOD - [2004/10/15 12:23:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-348162203-2603255770-593814586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 13:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/03 12:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2012/02/02 13:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 09:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/03 13:56:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-348162203-2603255770-593814586-1009..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.133.170.2 66.133.150.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8E192A-F041-4DD0-8A5C-CC97778BB461}: DhcpNameServer = 66.133.170.2 66.133.150.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 14:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: napagent - File not found
NetSvcs: hkmsvc - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 15:51:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2012/02/03 12:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Local Settings\Application Data\Mozilla
[2012/02/03 12:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\Mozilla
[2012/02/02 13:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/30 20:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/30 10:34:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/04 16:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/08 14:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 14:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 15:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 15:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 14:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 14:01:09 | 1055,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 13:56:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/02 15:20:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/02/02 13:05:05 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/31 13:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2012/01/30 20:21:39 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 20:21:39 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 20:18:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 20:18:16 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/24 17:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 17:06:35 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:53:03 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/01/07 15:57:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/02/02 16:57:48 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2012/02/02 13:05:05 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/02 13:05:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 20:18:15 | 1055,838,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 17:06:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:38:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 13:06:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CBCDDEL.BAT
[2012/01/24 13:06:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\BVER.BAT
[2012/01/02 15:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 15:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 15:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 15:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 15:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 12:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 12:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/04/19 10:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2011/01/08 18:47:32 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/02/08 16:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/05 19:21:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/01/04 20:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 19:48:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/04 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/16 13:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 13:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 13:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 13:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 17:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 17:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 17:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 17:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 17:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 15:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 15:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 15:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 15:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 15:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 15:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 15:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 15:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 14:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 14:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 14:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 14:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 12:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 12:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 12:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 12:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 12:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 12:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 12:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 12:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 12:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 12:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 12:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 12:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 12:03:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 06:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 06:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/02 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterVideo
[2011/09/01 17:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Software MacKiev
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\toshiba
[2011/05/09 13:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\WB09D2SE

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{948DDF37-EC52-4D3F-A3EB-25C081EE8FA7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F5375A63-3D52-4422-8F39-FDC2F274E2E5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 06:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 06 01 05 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 06:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >
  • 0

Advertisements


#176
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
OTL logfile created on: 2/3/2012 3:57:25 PM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Maria!!\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.86 Mb Total Physical Memory | 667.70 Mb Available Physical Memory | 66.32% Memory free
1.62 Gb Paging File | 1.39 Gb Available in Paging File | 85.65% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.64 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive E: | 489.72 Mb Total Space | 185.41 Mb Free Space | 37.86% Space Free | Partition Type: FAT

Computer Name: TR15-BACKUP | User Name: Maria!! | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 13:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maria!!\Desktop\OTL.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/06 19:37:56 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/27 21:32:02 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2004/12/13 21:25:28 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2004/12/06 23:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/11/30 23:26:34 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/11/12 19:57:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2004/10/15 12:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 12:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 12:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/15 17:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/08/10 19:21:38 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2004/06/28 12:16:34 | 000,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe
PRC - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2003/03/14 13:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/21 20:00:06 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe


========== Modules (No Company Name) ==========

MOD - [2004/10/15 12:23:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-348162203-2603255770-593814586-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 13:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/03 12:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria!!\Application Data\Mozilla\Extensions
[2012/02/02 13:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 09:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/03 13:56:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-348162203-2603255770-593814586-1012..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.133.170.2 66.133.150.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8E192A-F041-4DD0-8A5C-CC97778BB461}: DhcpNameServer = 66.133.170.2 66.133.150.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 14:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: napagent - File not found
NetSvcs: hkmsvc - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 15:56:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maria!!\Desktop\OTL.exe
[2012/02/03 12:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria!!\Local Settings\Application Data\Mozilla
[2012/02/03 12:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria!!\Application Data\Mozilla
[2012/02/02 13:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/30 20:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/30 10:34:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/04 16:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/08 14:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 14:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 15:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 15:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 14:01:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 14:01:09 | 1055,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 13:56:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/02 15:20:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/02/02 13:05:05 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/31 13:47:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maria!!\Desktop\OTL.exe
[2012/01/30 20:21:39 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 20:21:39 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 20:18:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 20:18:16 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/24 17:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 17:06:35 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:53:03 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/01/07 15:57:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/02/02 16:57:48 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2012/02/02 13:05:05 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/02 13:05:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 20:18:15 | 1055,838,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 17:06:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 16:38:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 13:06:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CBCDDEL.BAT
[2012/01/24 13:06:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\BVER.BAT
[2012/01/02 15:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 15:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 15:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 15:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 15:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 12:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 12:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/10/28 13:40:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Maria!!\Local Settings\Application Data\fusioncache.dat
[2011/04/19 10:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2010/02/08 16:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/05 19:21:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/01/04 20:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 19:48:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/04 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/16 13:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 13:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 13:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 13:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 17:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 17:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 17:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 17:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 17:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 15:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 15:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 15:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 15:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 15:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 15:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 15:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 15:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 14:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 14:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 14:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 14:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 12:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 12:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 12:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 12:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 12:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 12:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 12:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 12:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 12:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 12:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 12:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 12:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 12:03:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 06:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 06:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/02 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\toshiba

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{948DDF37-EC52-4D3F-A3EB-25C081EE8FA7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F5375A63-3D52-4422-8F39-FDC2F274E2E5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 06:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 06 01 05 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 06:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2004/08/04 06:00:00 | 000,034,304 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >
  • 0

#177
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK they are all OK so lets blame Mom :lol:

From one of the admin accounts we will run Farbar and check the services

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again

THEN

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#178
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
All 3 were already set to automatic and started. Remote Procedure Call (RPC) was greyed out but set to automatic and started.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Show User (administrator) on 03-02-2012 at 16:32:43
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2010-01-04 19:48] - [2004-08-04 06:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2010-01-04 19:48] - [2005-05-25 13:04] - 0359808 ____A (Microsoft Corporation) 88763A98A4C26C409741B4AA162720C9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2010-01-04 19:48] - [2004-08-04 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2005-01-07 12:03] - [2004-08-04 06:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2005-01-07 12:03] - [2004-08-04 06:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2005-01-07 12:03] - [2004-08-04 06:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys
[2010-01-04 19:48] - [2004-08-04 06:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2005-01-07 12:03] - [2004-08-04 06:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2005-01-07 14:36] - [2004-08-04 06:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2010-01-04 19:51] - [2004-08-04 06:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2005-01-07 12:03] - [2004-08-04 06:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2010-01-04 19:48] - [2004-08-04 06:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
AegisP(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(9) Tcpip(3)
0x0B00000004000000010000000200000003000000050000000600000007000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#179
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible

Your system is able to access the net

Could you type the following into the IE address bar and let me know the result 204.145.81.68

Meanwhile I will get a reg fix together to fix the windows update and security centre problem
  • 0

#180
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
when i type that in i get to what looks like a stripped down geeks to go webpage. Its a white page with blue and black text. it looks like the headers, content, and links are there but a lot of stuff is missing, like pictures videos etc.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP