Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help removing Tidserv Activity 2 [Closed] [Solved]

Started by jaydog11 , Jan 02 2012 12:32 PM

  • This topic is locked This topic is locked

#91
Essexboy
Posted 12 January 2012 - 01:41 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it a retail version .. I.e is it just called windows XP as opposed to Dell system disc ?
  • 0

Advertisements

#92
jaydog11
Posted 12 January 2012 - 02:38 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
It is the CD that came with my other dell laptop when I bought it.

It is labeled:

Reinstallation CD Microsoft Windows XP Professional Service Pack 2

This software is already installed on your computer. Use this CD only to reinstall the operating system on a Dell PC.

This CD is not for reinstallation of programs and drivers.

For Distribution Only With a New Dell PC.
  • 0

#93
Essexboy
Posted 12 January 2012 - 02:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No that will not work - what is your location ?
  • 0

#94
jaydog11
Posted 12 January 2012 - 03:06 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
iowa
  • 0

#95
Essexboy
Posted 12 January 2012 - 03:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just checking around now for a cheap disc
  • 0

#96
Essexboy
Posted 16 January 2012 - 02:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#97
Essexboy
Posted 25 January 2012 - 03:42 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We will work outside of windows
Please print these instruction out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Download this scan.txt to USB
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#98
jaydog11
Posted 25 January 2012 - 03:45 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
I can burn this cd with my other computer correct?
  • 0

#99
Essexboy
Posted 25 January 2012 - 03:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes that is correct
  • 0

#100
jaydog11
Posted 25 January 2012 - 04:56 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
OTL logfile created on: 1/25/2012 4:45:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,007.00 Mb Total Physical Memory | 775.00 Mb Available Physical Memory | 77.00% Memory free
894.00 Mb Paging File | 817.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.97 Gb Free Space | 75.10% Space Free | Partition Type: NTFS
Drive D: | 489.72 Mb Total Space | 29.17 Mb Free Space | 5.96% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (NecUsb)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2009/01/07 21:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/09/02 19:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/01/18 17:18:40 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/12/25 04:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Disabled] -- C:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (usbvideo) USB Video Device (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (smwdm)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (aeaudio)
DRV - [2012/01/02 00:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/12/31 20:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/30 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/30 02:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/30 02:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/30 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/28 19:35:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/21 23:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SymEFA.sys -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SymDS.sys -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/03/01 22:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/25 17:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/01/08 03:11:42 | 000,029,184 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/01/07 18:42:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/28 02:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/30 19:04:16 | 000,409,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/11/13 15:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2004/10/29 21:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/09 13:49:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2004/08/23 14:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/07/22 17:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/02/04 13:27:28 | 000,138,240 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TMicAry.sys -- (TMicAry)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/09/13 01:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\Isabel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Isabel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\Jessica_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Jessica_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\Maria!!_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Maria!!_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\Mom_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Mom_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\Show_User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Show_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midwestdrafting.com/
IE - HKU\Show_User_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Show_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Toshiba_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\Toshiba_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.Net\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/12/31 23:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_4_3 [2012/01/06 14:49:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/02 17:39:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Isabel_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Isabel_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Jessica_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Jessica_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Maria!!_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Maria!!_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Mom_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Mom_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Show_User_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Toshiba_User_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Toshiba_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\User_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [tabletwizard] File not found
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Isabel_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Jessica_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Maria!!_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Mom_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Show_User_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Toshiba_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Isabel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jessica_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maria!!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mom_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Show_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Show_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Show_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Toshiba_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 15:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e7ef0500-f99a-11de-99d4-000e35cd0cf5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7ef0500-f99a-11de-99d4-000e35cd0cf5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{e7ef0500-f99a-11de-99d4-000e35cd0cf5}\Shell\Explore\command - "" = autorun.exe
O33 - MountPoints2\{e7ef0500-f99a-11de-99d4-000e35cd0cf5}\Shell\Open\command - "" = autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 13:34:44 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Show User\Desktop\tdsskiller.exe
[2012/01/06 18:20:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Show User\Desktop\VEW.exe
[2012/01/04 17:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/04 16:27:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2012/01/02 17:01:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/02 16:55:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/02 16:55:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/02 16:55:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/02 16:55:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/02 16:55:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/02 16:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 16:53:39 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 16:53:24 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 14:16:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 11:46:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/02 11:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Desktop\antivirus stuff
[2012/01/02 00:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\Malwarebytes
[2012/01/02 00:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 00:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 00:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/01 23:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 23:57:22 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 23:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My ware
[2012/01/01 23:54:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/01 23:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\My Ware
[2012/01/01 21:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2012/01/01 17:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/01 04:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/01 04:11:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Show User\Recent
[2011/12/31 22:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\My Documents\Symantec
[2011/12/31 20:25:10 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 20:25:10 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 20:24:55 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/12/31 20:24:55 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/12/31 20:24:55 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/12/31 20:24:55 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/12/31 20:24:55 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/12/31 20:24:54 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/12/31 20:24:54 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/12/31 20:24:54 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/12/31 20:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/31 20:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1206000.01D
[2011/12/31 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/12/31 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/31 20:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/31 20:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/31 20:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/31 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Start Menu\Programs\Norton
[2011/12/31 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/31 20:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/27 01:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 01:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\MTA
[2011/01/08 15:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 15:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 16:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 16:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[163 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 18:07:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 18:06:35 | 000,003,151 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 17:53:47 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2012/01/24 17:53:03 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/01/24 17:45:52 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\$~$Sys0$.job
[2012/01/24 10:55:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 15:50:32 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\seek.bat
[2012/01/08 14:15:58 | 000,028,158 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\safeboot.reg
[2012/01/08 14:08:46 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\seek2.zip
[2012/01/07 16:57:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/07 13:33:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Show User\Desktop\tdsskiller.exe
[2012/01/06 18:20:04 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Show User\Desktop\VEW.exe
[2012/01/06 14:17:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/05 16:38:28 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Show User\NTUSER.bak
[2012/01/03 17:41:32 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 17:18:38 | 000,333,917 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 17:39:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/02 17:02:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 16:47:17 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 16:38:11 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 11:46:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/02 00:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 00:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\My ware
[2012/01/02 00:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 17:39:57 | 001,193,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/01 14:31:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/01/01 04:29:04 | 000,439,186 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-220221.backup
[2011/12/31 20:25:36 | 001,193,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 20:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 20:25:10 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 20:25:10 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 20:25:10 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 20:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[163 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 18:06:05 | 000,003,151 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/01/24 17:45:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\$~$Sys0$.job
[2012/01/24 14:06:21 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CBCDDEL.BAT
[2012/01/24 14:06:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\BVER.BAT
[2012/01/08 15:50:32 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\seek.bat
[2012/01/08 14:15:58 | 000,028,158 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\safeboot.reg
[2012/01/08 14:15:24 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\seek2.zip
[2012/01/03 17:43:45 | 000,001,571 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 17:20:00 | 000,333,917 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 18:06:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/02 17:01:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/02 17:01:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/02 16:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 16:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 16:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 16:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 16:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 17:39:22 | 001,193,394 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/31 20:25:18 | 001,193,892 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 20:25:10 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 20:25:10 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 20:24:55 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/12/31 20:24:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/12/31 20:24:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/12/31 20:24:29 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/12/31 20:24:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/12/31 20:24:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/12/31 20:24:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/12/31 20:24:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/12/31 20:24:26 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/12/31 20:24:26 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat
[2011/12/31 20:24:26 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/12/31 20:24:26 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/12/31 20:24:26 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/12/31 20:24:26 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/12/31 20:24:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/12/24 13:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 13:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 13:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/24 01:49:27 | 000,013,706 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q
[2011/10/28 14:40:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Maria!!\Local Settings\Application Data\fusioncache.dat
[2011/05/14 23:31:28 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 11:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2011/01/08 20:20:00 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Isabel\Local Settings\Application Data\fusioncache.dat
[2011/01/08 19:50:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2011/01/08 19:47:32 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/02/11 08:59:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 17:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/05 20:21:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/01/04 21:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 20:48:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/01/04 20:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/22 17:32:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\fusioncache.dat
[2005/09/22 17:32:38 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\Show User\NTUSER.bak
[2005/04/06 01:40:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Toshiba User\Local Settings\Application Data\fusioncache.dat
[2005/04/05 07:28:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2005/02/16 14:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 14:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/16 14:05:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/01/21 14:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 14:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 18:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 18:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 18:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 18:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 18:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 18:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 18:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 17:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 16:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 16:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 16:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 16:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 16:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 16:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 16:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 16:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 15:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 15:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 15:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 15:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 13:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 13:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 13:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 13:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 13:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 13:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 13:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 13:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 13:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 13:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 13:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 13:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 13:03:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 07:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 07:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/09 00:01:05 | 000,000,024 | -HS- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\TabletPlanner.tb4

========== LOP Check ==========

[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2010/01/04 20:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\toshiba
[2011/05/28 16:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\WB09D2SE
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterVideo
[2011/09/01 18:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Software MacKiev
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\toshiba
[2011/05/09 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\WB09D2SE
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterVideo
[2011/04/14 12:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Software MacKiev
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\toshiba
[2011/04/14 12:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WB09D2SE
[2012/01/01 23:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterVideo
[2010/01/07 23:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\toshiba
[2005/01/07 18:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterTrust
[2005/01/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2005/01/07 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\toshiba
[2009/10/02 20:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 20:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 01:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 01:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2012/01/24 17:45:52 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\$~$Sys0$.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 08:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2005/03/01 20:06:57 | 001,836,288 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{948DDF37-EC52-4D3F-A3EB-25C081EE8FA7}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F5375A63-3D52-4422-8F39-FDC2F274E2E5}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 06 01 05 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]

< C:\Windows\assembly\tmp\U\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*

< CREATERESTOREPOINT >
< End of report >
  • 0

Advertisements

#101
jaydog11
Posted 25 January 2012 - 05:39 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Should I shut the computer off now?
  • 0

#102
Essexboy
Posted 26 January 2012 - 12:58 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#103
jaydog11
Posted 26 January 2012 - 01:04 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
I just want to confirm that after I run this fix I reboot with the disc removed so that the laptop tries to start Windows normally correct? Then I run OTL from Windows? Sorry if I am asking too much I just want to make sure.
  • 0

#104
jaydog11
Posted 26 January 2012 - 01:16 PM

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Sorry. After running fix I wont start in either normal or safe mode.
  • 0

#105
Essexboy
Posted 26 January 2012 - 02:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run the CD
Then using the explorer on reatogo locate the following folder :

C:\windows\minidump

There will be several files there locate the latest two and copy them to a USB drive
On the oher computer zip the fies and attach them here
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP