Laptop not booting up [Solved]


This topic is locked

#1 dvd7e (Member, 53 posts)
When my laptop (Toshiba A55-S1063 Satellite, running Windows XP service pack 3) boots up, Windows starts (doesn't let me pick my user account though) and then just gets frozen with the desktop wallpaper displayed, but no Icons, no Taskbar, nothing. When I hit ctrl+alt+del, most of the time nothing happens, but every once in a while the task manager will come up, but the CPU is so bogged down it can't do anything. It is an older laptop with not much RAM, but it used to work fine for basic stuff. The problem showed up months ago, and haven't really gotten around to looking into it until recently.

When I start in Safe Mode, I can pick my user account, and XP boots up just fine.

I ran a virus scan and a Malwarebytes scan, fixed the problems they found, and restarted my computer, but it didn't solve anything - still no desktop load in Normal mode. I can only get the desktop to load in Safe Mode. Also, I tried running a check disk, still no luck... XP will only start in Safe Mode. Also ran a HijackThis scan, but didn't take any actions from it.

Any help would be very much appreciated. Thanks in advance!


Here's my OTL scan log:


OTL logfile created on: 6/8/2012 2:16:38 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Valerie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

238.80 Mb Total Physical Memory | 115.55 Mb Available Physical Memory | 48.39% Memory free
585.46 Mb Paging File | 511.78 Mb Available in Paging File | 87.41% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.26 Gb Free Space | 43.64% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 9.77 Gb Free Space | 65.54% Space Free | Partition Type: FAT32

Computer Name: VALERIE | User Name: <deleted> | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 14:14:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2007/05/18 17:26:38 | 000,071,168 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/06/07 17:38:58 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/06/07 17:38:26 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 18:14:56 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/18 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110823.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110823.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/09 04:43:20 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20111103.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2007/05/18 17:26:38 | 000,069,824 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/01/24 21:06:28 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2006/01/24 21:06:24 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2006/01/24 21:06:18 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2006/01/24 21:06:14 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/09/07 17:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 17:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/05/13 13:24:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/13 13:05:20 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/12/22 19:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/02/20 18:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/02/16 15:34:28 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2004/01/26 22:03:20 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/17 20:19:32 | 000,230,416 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msci] C:\Documents and Settings\Valeriet\Local Settings\Temp\20061030233658_mcinfo.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe ()
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A09E11-CE18-45E1-93C9-0AB4B01F6579}: DhcpNameServer = 67.142.174.10 67.142.174.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/12 19:48:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{758d4e60-f339-11da-8dd5-00038a000015}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 14:16:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
[2012/05/25 15:03:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Valerie\Desktop\HijackThis.exe
[2012/05/25 12:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
[2012/05/25 11:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valerie\Application Data\Malwarebytes
[2012/05/25 11:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 11:13:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/25 11:13:08 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/25 11:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/25 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/25 11:11:35 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Valerie\Desktop\mbam-setup(2).exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/08 14:14:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
[2012/06/08 14:10:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/08 14:09:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/28 10:43:11 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/28 10:43:11 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/25 14:57:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Valerie\Desktop\HijackThis.exe
[2012/05/25 14:51:14 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\userinit.reg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 14:51:14 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\userinit.reg
[2012/05/25 12:38:59 | 006,469,352 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\avgas-setup-7.5.0.50.exe
[2012/05/25 11:11:26 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\avira_antivir_personal_en.exe
[2011/05/01 08:46:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

========== LOP Check ==========

[2010/03/14 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/09 13:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/15 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/01/31 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\acccore
[2006/03/01 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Aim
[2005/05/13 12:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\InterTrust
[2005/05/17 12:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\InterVideo
[2006/12/16 16:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Panasonic
[2006/01/31 08:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Template
[2005/05/13 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\toshiba
[2007/02/09 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Viewpoint
[2011/11/12 18:01:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
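The OTL log above is mostly a list of autorun points: O4 Run entries, O2/O3 browser add-ons, and the O20 Winlogon Shell and UserInit values that decide whether a desktop ever appears in Normal mode. Helpers read those lines by eye. As an added example that is not part of the original post and not OTL's own logic, the Python below does a first triage pass over lines in the same format. The sample lines are constructed copies of a few from the log, plus one hypothetical hijacked Shell value (the `shell32x.exe` name is made up) so the Winlogon check has something to hit. The rules themselves (entries launching from a Temp folder, entries with no company name, orphan entries whose target is missing, and Winlogon values that are not the XP defaults) are this example's assumptions about what deserves a second look, not OTL's scoring.

```python
"""Triage of OTL autorun lines (O4 Run entries and O20 Winlogon values).

Added example, not part of OTL or of this thread. The rules below are this
example's assumptions about what is worth a second look on a Windows XP box
that only boots in Safe Mode; they are not OTL's own scoring.
"""
import re

# Constructed sample: a few lines in the shape OTL prints them.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [msci] C:\Documents and Settings\Valeriet\Local Settings\Temp\20061030233658_mcinfo.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# Hypothetical line (not from the real log): what a hijacked Shell value looks like.
HIJACKED_SHELL = r"O20 - HKLM Winlogon: Shell - (Explorer.exe,C:\WINDOWS\system32\shell32x.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)"

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PATH_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")   # "<path> (<company>)" or "<path> ()"
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\) - ")

# Windows XP defaults for the two Winlogon values malware most often hijacks.
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}
# Folders a legitimate autorun entry should not launch from.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_o4(line):
    """Return (name, path, company, missing) for an O4 line, or None for other lines."""
    m = O4_RE.match(line)
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest")
    if rest.endswith("File not found"):
        return name, rest[: -len("File not found")].strip(), None, True
    pm = PATH_RE.match(rest)
    if pm:
        return name, pm.group("path"), pm.group("company").strip(), False
    return name, rest, "", False


def triage(log_text):
    """Return a list of (severity, message) findings for the suspicious lines in an OTL log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o4 = parse_o4(line)
        if o4:
            name, path, company, missing = o4
            if missing:
                findings.append(("low", f"orphan Run entry [{name}]: target missing ({path})"))
            elif any(t in path.lower() for t in TEMP_MARKERS):
                findings.append(("high", f"Run entry [{name}] launches from a Temp folder: {path}"))
            elif not company:
                findings.append(("medium", f"Run entry [{name}] has no company name: {path}"))
            continue
        m = O20_RE.match(line)
        if m:
            value = m.group("value").lower()
            # XP stores UserInit with a trailing comma; OTL may or may not print it.
            data = m.group("data").strip().rstrip(",").lower()
            if data != WINLOGON_EXPECTED[value]:
                findings.append(("high", f"Winlogon {m.group('value')} is '{m.group('data')}', expected '{WINLOGON_EXPECTED[value]}'"))
    return findings


def count_by_severity(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG + HIJACKED_SHELL + "\n"):
        print(f"[{sev:>6}] {msg}")
```

Run against the constructed sample, the only high-severity hit from the real lines is the `msci` entry launching from a Temp folder; the Winlogon check only fires on the hypothetical line. On this thread's actual log the Shell and UserInit values are the XP defaults, which is consistent with the symptom not being a simple Winlogon hijack.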


#2 CompCav (Expert, 12,454 posts)
Hi, dvd7e! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Please delete your current copy of OTL and follow these directions to get a current copy of OTL.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
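Step 1 has aswMBR read the MBR of disk 0, report whether it recognises the boot code (the log posted later in this thread says "unknown MBR code"), list the partition table, and save the raw sector as MBR.dat. As an added example that is not aswMBR's code and not part of this thread, the Python below does the first part of that job on a raw 512-byte sector: it checks the 0x55AA signature, decodes the four partition entries, hashes the boot code against a table of known loaders (assumed and left empty here, so everything reads as unknown; aswMBR ships its own vendor list), and flags overlapping entries and the sector gap before the first partition, where bootkits keep their payload. The sample disk is constructed to match the shape aswMBR reports in this thread: one bootable NTFS partition at offset 63; the disk signature bytes are made up.

```python
"""Parse a raw 512-byte MBR the way a rootkit scanner starts to: check the
0x55AA signature, decode the partition table, hash the boot code.

Added example; not aswMBR's code and not from this thread. The known-boot-code
table is an assumption (empty here); aswMBR ships its own list of vendor hashes.
"""
import hashlib
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_CODE_LEN = 440         # bytes 0..439: boot code; 440..443: NT disk signature
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0b: "FAT32", 0x0c: "FAT32 LBA",
              0x0f: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}
KNOWN_BOOT_CODE = {}        # sha256(boot code) -> label; assumed empty, so everything is "unknown"


def build_mbr(entries, boot_code=b"\x00" * BOOT_CODE_LEN, disk_sig=b"\x15\x00\x03\x8a"):
    """Assemble a sector from up to four (status, type, lba_start, sectors) tuples.
    Constructed input for the example; the CHS fields are placeholders."""
    table = b"".join(struct.pack(ENTRY_FMT, status, b"\x00\x01\x00", ptype, b"\xfe\xff\xff", lba, count)
                     for status, ptype, lba, count in entries)
    table = table.ljust(64, b"\x00")
    sector = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN] + disk_sig + b"\x00\x00" + table + b"\x55\xaa"
    if len(sector) != SECTOR:
        raise ValueError("bad MBR layout")
    return sector


def has_valid_signature(sector):
    """True for a 512-byte sector ending in the 0x55AA boot signature."""
    return len(sector) == SECTOR and sector[510:512] == b"\x55\xaa"


def parse_mbr(sector, known=KNOWN_BOOT_CODE):
    """Decode the partition table and boot-code identity of one MBR sector."""
    if not has_valid_signature(sector):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue                    # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "0x%02x" % ptype),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    # Overlapping entries are a classic sign of a tampered table.
    overlaps = [(a["index"], b["index"]) for a in parts for b in parts
                if a["index"] < b["index"]
                and a["lba_start"] < b["lba_start"] + b["sectors"]
                and b["lba_start"] < a["lba_start"] + a["sectors"]]
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    first = min((p["lba_start"] for p in parts), default=1)
    return {"disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "boot_code_sha256": digest,
            "boot_code": known.get(digest, "unknown"),
            "partitions": parts,
            "overlaps": overlaps,
            # sectors between the MBR and the first partition: where bootkits park payloads
            "gap_sectors_before_first": max(first - 1, 0)}


# Constructed disk matching the shape aswMBR reported: one bootable NTFS partition at LBA 63.
EXAMPLE_MBR = build_mbr([(0x80, 0x07, 63, 78140097)])

if __name__ == "__main__":
    info = parse_mbr(EXAMPLE_MBR)
    print("boot code:", info["boot_code"], info["boot_code_sha256"][:16])
    for p in info["partitions"]:
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} {p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    print("gap before first partition:", info["gap_sectors_before_first"], "sectors; overlaps:", info["overlaps"])
```

To run it on a real capture, replace `EXAMPLE_MBR` with `open("MBR.dat", "rb").read()`. An "unknown" boot code is not by itself proof of a bootkit: OEM and dual-boot loaders are unknown to a small table too, which is why scanners pair the hash with the driver-chain trace and a check of the sectors in the gap before the first partition.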

#3 dvd7e (Topic Starter, Member, 53 posts)
CompCav,

Thank you for the help.

I followed the instructions that you listed. There are no changes in the issues, I can still only boot in safe mode. Otherwise, it just freezes with the desktop background showing and no start menu, taskbar etc.

Here are my scan logs:

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 18:47:01
-----------------------------
18:47:01.767 OS Version: Windows 5.1.2600 Service Pack 3
18:47:01.767 Number of processors: 1 586 0xD08
18:47:01.767 ComputerName: VALERIE UserName:
18:47:02.358 Initialize success
18:57:47.666 AVAST engine defs: 12061001
19:01:46.879 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:01:46.889 Disk 0 Vendor: HTS541040G9AT00 MB2OA60A Size: 38154MB BusType: 3
19:01:46.920 Disk 0 MBR read successfully
19:01:46.930 Disk 0 MBR scan
19:01:47.160 Disk 0 unknown MBR code
19:01:47.180 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
19:01:47.310 Disk 0 scanning sectors +78140160
19:01:47.641 Disk 0 scanning C:\WINDOWS\system32\drivers
19:02:10.243 Service scanning
19:02:47.366 Modules scanning
19:02:59.474 Disk 0 trace - called modules:
19:02:59.524 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:02:59.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81a85588]
19:02:59.574 3 CLASSPNP.SYS[f9919fd7] -> nt!IofCallDriver -> \Device\0000007e[0x81a88e18]
19:02:59.614 5 ACPI.sys[f9870620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81ac7830]
19:03:01.016 AVAST engine scan C:\WINDOWS
19:03:25.361 AVAST engine scan C:\WINDOWS\system32
19:06:26.311 AVAST engine scan C:\WINDOWS\system32\drivers
19:06:49.034 AVAST engine scan C:\Documents and Settings\Valerie Walthert
19:23:32.717 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valerie Walthert\Desktop\MBR.dat"
19:23:32.787 The log file has been saved successfully to "C:\Documents and Settings\Valerie Walthert\Desktop\aswMBR.txt"



OTL.txt:



OTL logfile created on: 6/10/2012 7:26:49 PM - Run 2
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Valerie Walthert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

238.80 Mb Total Physical Memory | 69.36 Mb Available Physical Memory | 29.04% Memory free
585.46 Mb Paging File | 406.86 Mb Available in Paging File | 69.49% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.14 Gb Free Space | 43.32% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 9.76 Gb Free Space | 65.51% Space Free | Partition Type: FAT32

Computer Name: VALERIE | User Name: Valerie Walthert | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 14:14:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie Walthert\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2007/05/18 17:26:38 | 000,071,168 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/06/07 17:38:58 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/06/07 17:38:26 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 18:14:56 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2011/08/18 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110823.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110823.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/09 04:43:20 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20111103.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2007/05/18 17:26:38 | 000,069,824 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/01/24 21:06:28 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2006/01/24 21:06:24 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2006/01/24 21:06:18 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2006/01/24 21:06:14 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/09/07 17:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 17:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/05/13 13:24:34 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/13 13:05:20 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/12/22 19:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/02/20 18:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/02/16 15:34:28 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2004/01/26 22:03:20 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/17 20:19:32 | 000,230,416 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-118688267-767785527-3773242843-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-118688267-767785527-3773242843-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [msci] C:\Documents and Settings\Valerie Walthert\Local Settings\Temp\20061030233658_mcinfo.exe (McAfee, Inc)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe ()
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-118688267-767785527-3773242843-1006..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-118688267-767785527-3773242843-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-118688267-767785527-3773242843-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-118688267-767785527-3773242843-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A09E11-CE18-45E1-93C9-0AB4B01F6579}: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valerie Walthert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie Walthert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/12 19:48:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{758d4e60-f339-11da-8dd5-00038a000015}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 18:46:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Valerie Walthert\Desktop\aswMBR.exe
[2012/06/08 14:16:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valerie Walthert\Desktop\OTL.exe
[2012/05/25 15:03:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Valerie Walthert\Desktop\HijackThis.exe
[2012/05/25 12:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
[2012/05/25 11:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valerie Walthert\Application Data\Malwarebytes
[2012/05/25 11:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 11:13:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/25 11:13:08 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/25 11:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/25 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/25 11:11:35 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Valerie Walthert\Desktop\mbam-setup(2).exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 19:23:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Valerie Walthert\Desktop\MBR.dat
[2012/06/10 18:45:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/10 18:45:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/10 18:39:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Valerie Walthert\Desktop\aswMBR.exe
[2012/06/08 14:14:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie Walthert\Desktop\OTL.exe
[2012/05/28 10:43:11 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/28 10:43:11 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/25 14:57:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Valerie Walthert\Desktop\HijackThis.exe
[2012/05/25 14:51:14 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Valerie Walthert\Desktop\userinit.reg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 19:23:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Valerie Walthert\Desktop\MBR.dat
[2012/05/25 14:51:14 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Valerie Walthert\Desktop\userinit.reg
[2012/05/25 12:38:59 | 006,469,352 | ---- | C] () -- C:\Documents and Settings\Valerie Walthert\Desktop\avgas-setup-7.5.0.50.exe
[2012/05/25 11:11:26 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Valerie Walthert\Desktop\avira_antivir_personal_en.exe
[2011/05/01 08:46:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

========== LOP Check ==========

[2010/03/14 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/09 13:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/15 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/05/13 12:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/05/17 12:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2005/05/13 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/01/31 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\acccore
[2006/03/01 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\Aim
[2005/05/13 12:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\InterTrust
[2005/05/17 12:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\InterVideo
[2006/12/16 16:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\Panasonic
[2006/01/31 08:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\Template
[2005/05/13 12:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\toshiba
[2007/02/09 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\Viewpoint
[2011/11/12 18:01:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{19117570-CE3C-481C-A9FC-D10410234147}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5A065297-35C1-451A-9B0A-DE8CA0315145}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E5A09E11-CE18-45E1-93C9-0AB4B01F6579}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F252C9DB-4D7E-4118-A5F1-F08099432C86}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F326DCC8-746B-493A-A19F-B14588ED6164}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 08:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2005/02/07 16:04:30 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2005/02/07 16:04:30 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2005/02/07 16:04:30 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2005/02/07 16:04:30 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/17 08:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/17 08:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/17 08:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/17 07:01:37 | 000,634,632 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2005/02/07 16:04:30 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2005/02/07 16:04:30 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2005/02/07 16:04:30 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2005/02/07 16:04:30 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/17 08:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/17 08:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/17 08:21:24 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/17 07:01:37 | 000,634,632 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: VALERIE
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM        0 B
  Volume 1     C   SQ003654     NTFS   Partition    37 GB   Healthy    System
  Volume 2     E                FAT32  Removeable   15 GB

< End of report >



Extras.txt:


OTL Extras logfile created on: 6/8/2012 2:16:38 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Valerie Walthert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

238.80 Mb Total Physical Memory | 115.55 Mb Available Physical Memory | 48.39% Memory free
585.46 Mb Paging File | 511.78 Mb Available in Paging File | 87.41% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.26 Gb Free Space | 43.64% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 9.77 Gb Free Space | 65.54% Space Free | Partition Type: FAT32

Computer Name: VALERIE | User Name: Valerie Walthert | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1138729035\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1138729035\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1138729035\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1138729035\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\CU Services\JtF.exe" = C:\Program Files\CU Services\JtF.exe:*:Enabled:JtF -- ()
"C:\WINDOWS\SideCar.exe" = C:\WINDOWS\SideCar.exe:*:Enabled:SideCar -- (Cornell Information Technologies)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{62298873-16FA-11D4-91D1-00A0C9CFD624}" = Bear Access Fall 2003
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}" = Symantec Client Security
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Inkjet Printer J740" = Dell Inkjet Printer J740
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InterActual Player" = InterActual Player
"JDSecure" = JD Secure 3.1
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Skype_is1" = Skype 2.0
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2011 5:27:02 AM | Computer Name = VALERIE | Source = ESENT | ID = 489
Description = wuauclt (1156) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/12/2011 5:27:02 AM | Computer Name = VALERIE | Source = ESENT | ID = 455
Description = wuaueng.dll (1156) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/12/2011 5:28:53 AM | Computer Name = VALERIE | Source = ESENT | ID = 489
Description = wuauclt (384) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/12/2011 5:28:53 AM | Computer Name = VALERIE | Source = ESENT | ID = 455
Description = wuaueng.dll (384) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/12/2011 5:29:03 AM | Computer Name = VALERIE | Source = ESENT | ID = 489
Description = wuauclt (384) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/12/2011 5:29:03 AM | Computer Name = VALERIE | Source = ESENT | ID = 455
Description = wuaueng.dll (384) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/12/2011 5:32:10 AM | Computer Name = VALERIE | Source = ESENT | ID = 489
Description = wuauclt (712) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/12/2011 5:32:10 AM | Computer Name = VALERIE | Source = ESENT | ID = 455
Description = wuaueng.dll (712) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/12/2011 5:32:20 AM | Computer Name = VALERIE | Source = ESENT | ID = 489
Description = wuauclt (712) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/12/2011 5:32:20 AM | Computer Name = VALERIE | Source = ESENT | ID = 455
Description = wuaueng.dll (712) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 5/25/2012 4:38:29 PM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/28/2012 10:39:11 AM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/28/2012 10:40:37 AM | Computer Name = VALERIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 5/28/2012 10:40:43 AM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/28/2012 10:44:39 AM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/28/2012 10:46:55 AM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/8/2012 2:09:48 PM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/8/2012 2:10:34 PM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/8/2012 2:11:13 PM | Computer Name = VALERIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 6/8/2012 2:15:19 PM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
  • 0
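Added example, not part of the thread and not OTL's own code: a Python triage pass over the Extras log format posted above. It parses the Security Center flags, the firewall GloballyOpenPorts and AuthorizedApplications values (format `target:scope:state:label -- (vendor)`, where the target itself can contain a drive colon, so the parser anchors on the Enabled/Disabled word instead of splitting on `:`) and the event-log errors, and turns them into findings. The sample input is constructed from lines copied out of the log; the severity labels are my own. Two things the raw log does not say: the DCOM 10005 errors carry Win32 code 1084, ERROR_NOT_SAFEBOOT_SERVICE, which only means the service is not on the SafeBoot list, and because the Extras header records "Boot Mode: SafeMode with Networking" those entries (like the 7026 load failures for Symantec's SAVRT/SYMTDI drivers) are expected noise rather than evidence of tampering; and C:\StubInstaller.exe, an executable in the drive root with a firewall exception open to any address, is the entry a reviewer should look at first.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the OTL Extras log above, cut down to the
# three sections this script reads (Security Center, firewall policy, System events).
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\CU Services\JtF.exe" = C:\Program Files\CU Services\JtF.exe:*:Enabled:JtF -- ()
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
Error - 5/28/2012 10:39:11 AM | Computer Name = VALERIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
"""

KV_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# firewall values are target:scope:state:label; the target may contain "C:", so anchor on the state word
FW_RE = re.compile(r'^(?P<target>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<rest>.*)$')
VENDOR_RE = re.compile(r'^(?P<label>.*?)(?:\s+--\s+\((?P<vendor>[^)]*)\))?$')
EVENT_RE = re.compile(r'^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
WIN32_RE = re.compile(r'"%(\d+)"')
# Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE: the service is not on the SafeBoot list
SAFE_MODE_ONLY = {1084: 'ERROR_NOT_SAFEBOOT_SERVICE (service may not start in Safe Mode)'}
FILE_SHARING_PORTS = {137, 138, 139, 445}


def parse_extras(text):
    """One pass over the log; "name" = value lines belong to the last [HKEY_...] header seen."""
    out = {'security_center': {}, 'monitoring_disabled': [], 'ports': [], 'apps': [], 'events': []}
    lines, i, key = text.splitlines(), 0, None
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith('[HKEY_'):
            key = line.strip('[]')
            continue
        ev = EVENT_RE.match(line)
        if ev:  # the description runs until a blank line or the next Error header
            desc = []
            while i < len(lines) and lines[i].strip() and not lines[i].startswith('Error - '):
                desc.append(lines[i].strip())
                i += 1
            code = WIN32_RE.search(' '.join(desc))
            out['events'].append({**ev.groupdict(), 'description': ' '.join(desc),
                                  'win32': int(code.group(1)) if code else None})
            continue
        kv = KV_RE.match(line)
        if not kv or key is None:
            continue
        name, value = kv.group('name'), kv.group('value')
        if key.endswith('\\Security Center'):
            out['security_center'][name] = int(value) if value.isdigit() else value
        elif '\\Security Center\\Monitoring\\' in key and name == 'DisableMonitoring' and value == '1':
            out['monitoring_disabled'].append(key.rsplit('\\', 1)[1])
        elif key.endswith('\\GloballyOpenPorts\\List'):
            m = FW_RE.match(value)
            port, proto = m.group('target').split(':')
            out['ports'].append({'port': int(port), 'proto': proto, 'scope': m.group('scope'), 'state': m.group('state')})
        elif key.endswith('\\AuthorizedApplications\\List'):
            m = FW_RE.match(value)
            v = VENDOR_RE.match(m.group('rest'))
            out['apps'].append({'path': m.group('target'), 'scope': m.group('scope'), 'state': m.group('state'),
                                'label': v.group('label'), 'vendor': v.group('vendor')})
    return out


def triage(text, safe_mode=False):
    """Return (severity, message) findings; the severity labels are this example's own."""
    d, findings = parse_extras(text), []
    if d['security_center'].get('AntiVirusOverride') == 1:
        findings.append(('MEDIUM', 'AntiVirusOverride=1: Security Center will not warn about missing or stale AV'))
    for product in d['monitoring_disabled']:
        findings.append(('INFO', f'Security Center monitoring disabled for {product}; confirm it is installed and current'))
    for p in d['ports']:
        if p['state'] == 'Enabled' and p['scope'] == '*':
            findings.append(('HIGH', f"port {p['port']}/{p['proto']} open to any address"))
        elif p['state'] == 'Enabled' and p['port'] in FILE_SHARING_PORTS:
            findings.append(('INFO', f"NetBIOS/SMB port {p['port']}/{p['proto']} open to {p['scope']}"))
    for a in (x for x in d['apps'] if x['state'] == 'Enabled'):
        parent = PureWindowsPath(a['path']).parent
        if parent.parent == parent:  # nothing above it: the executable sits in a drive root
            findings.append(('HIGH', f"firewall exception for an executable in a drive root: {a['path']} ({a['label']})"))
        elif a['scope'] == '*' and not a['vendor']:
            findings.append(('MEDIUM', f"exception open to any address with no company name: {a['path']} ({a['label']})"))
    for e in d['events']:
        if e['win32'] in SAFE_MODE_ONLY:
            findings.append(('INFO' if safe_mode else 'MEDIUM', f"{e['source']} {e['id']}: {SAFE_MODE_ONLY[e['win32']]}"))
    return findings


if __name__ == '__main__':
    for sev, msg in triage(SAMPLE_EXTRAS, safe_mode=True):
        print(f'[{sev}] {msg}')
```

Run as-is it prints the findings for the embedded sample; for a real log, read the whole Extras.txt into `triage()` and set `safe_mode` from the "Boot Mode" line of its header, since the same DCOM 10005 entries taken from a normal-mode boot would deserve a second look.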

#4 CompCav (Member 5k, Expert, 12,454 posts)

Thank you for the help.

You are welcome! :thumbsup:




Your RAM is very low at 250 MB. You should have at least 500 MB, and the recommended amount for XP is 1.5 to 2.0 GB!
I will want you to look into purchasing additional RAM after we complete the next few steps.




Step 1.

Click Start >> Control Panel >> Add/Remove Programs and remove:

Ask.com Toolbar -- This is Adware
AOL Spyware Protection -- This is very out of date and not needed
Viewpoint Media Player -- This is foistware that was installed without your knowledge


If you cannot uninstall any of these in safe mode just skip them and go on to step 2.

Step 2.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.




  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the OTL Custom Scans/Fixes textbox.

    :OTL
    IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-118688267-767785527-3773242843-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [msci] C:\Documents and Settings\Valerie Walthert\Local Settings\Temp\20061030233658_mcinfo.exe (McAfee, Inc)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
    O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{758d4e60-f339-11da-8dd5-00038a000015}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe
    [2012/05/25 12:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
    [2012/05/25 12:38:59 | 006,469,352 | ---- | C] () -- C:\Documents and Settings\Valerie Walthert\Desktop\avgas-setup-7.5.0.50.exe
    [2012/05/25 11:11:26 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Valerie Walthert\Desktop\avira_antivir_personal_en.exe
    [2007/02/09 13:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/02/09 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie Walthert\Application Data\Viewpoint
    [2011/11/12 18:01:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct, so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.



Step 4.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 5.

Please post:

OTL fix log
ComboFix.txt
TDSSKiller log


Update me on your computer issues.
  • 0
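Added example, mine rather than OTL's own code or anything from the thread: a dry-run reader for the fix script format in Step 2. An OTL fix script is split into `:OTL`, `:files`, `:reg` and `:Commands` sections, and the lines under `:OTL` are copied straight out of the scan log; the fix log posted later in the thread shows what OTL does with them (deletes the listed registry keys and files, resets values such as ProxyEnable, and moves removed files under C:\_OTL\MovedFiles). Before pasting a script like this it is worth listing what it will touch. The reader below classifies each `:OTL` line as a file entry, a Run key, a MountPoints2 AutoRun command or some other registry item, and calls out the two items in this particular script that matter most: a Run entry launching an executable from a user's Temp folder, and cached AutoRun handlers for removable volumes (HKCU\...\Explorer\MountPoints2 keeps the last autorun.inf command seen per volume GUID, which is how a USB stick's autorun survives in the registry after the stick is gone). The sample script is constructed from lines of the posted fix, shortened; the line patterns are inferred from the lines in this thread, so the parser raises on `:OTL` line kinds it has not seen.

```python
import re

# Constructed sample: the fix script posted above, shortened so that each kind of :OTL
# line appears once or twice.
SAMPLE_FIX = r"""
:OTL
IE - HKU\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [msci] C:\Documents and Settings\Valerie Walthert\Local Settings\Temp\20061030233658_mcinfo.exe (McAfee, Inc)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{758d4e60-f339-11da-8dd5-00038a000015}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe
[2012/05/25 12:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

:files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
"""

SECTION_RE = re.compile(r'^:(\w+)$')
ENTRY_RE = re.compile(r'^(?P<kind>O\d+|IE|FF) - (?P<body>.*)$')
# [date | size | attrs | C/M] (vendor) -- path ; attrs contains D for a directory
FILE_RE = re.compile(r'^\[[^|]+\|[^|]+\|(?P<attrs>[^|]+)\|[^\]]+\]\s*(?:\((?P<vendor>[^)]*)\)\s*)?--\s*(?P<path>.+)$')
RUN_RE = re.compile(r'^(?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*?)(?:\s+\((?P<vendor>[^)]*)\))?$')
MOUNT_RE = re.compile(r'^MountPoints2\\(?P<guid>\{[^}]+\})\\(?P<sub>\S+) - "" = (?P<value>.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
TEMP_RE = re.compile(r'\\(Local Settings\\)?Temp\\', re.I)


def parse_fix(script):
    """Split the script into its :sections and classify every :OTL line by what it targets."""
    plan = {'sections': {}, 'files': [], 'run_keys': [], 'autorun': [], 'registry': [], 'guids': set()}
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            plan['sections'].setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f'line before any section header: {line!r}')
        plan['sections'][section].append(line)
        if section != 'otl':
            continue
        fm = FILE_RE.match(line)
        if fm:
            plan['files'].append({'path': fm.group('path').strip(), 'is_dir': 'D' in fm.group('attrs'),
                                  'vendor': fm.group('vendor')})
            continue
        em = ENTRY_RE.match(line)
        if not em:
            raise ValueError(f'unrecognised :OTL line: {line!r}')
        kind, body = em.group('kind'), em.group('body')
        plan['guids'].update(GUID_RE.findall(body))
        rm = RUN_RE.match(body) if kind == 'O4' else None
        mm = MOUNT_RE.match(body) if kind == 'O33' else None
        if rm:
            plan['run_keys'].append({'hive': rm.group('hive'), 'name': rm.group('name'), 'target': rm.group('target')})
        elif mm and mm.group('sub').lower().endswith('\\command'):
            plan['autorun'].append({'guid': mm.group('guid'), 'command': mm.group('value')})
        else:
            plan['registry'].append(f'{kind}: {body}')
    return plan


def review(plan):
    """Human-readable list of what the script will touch, with the risky items called out."""
    notes = []
    for r in plan['run_keys']:
        if TEMP_RE.search(r['target']):
            notes.append(f"Run entry [{r['name']}] in {r['hive']} starts a program from a Temp folder: {r['target']}")
        elif r['target'] == 'File not found':
            notes.append(f"orphaned Run entry [{r['name']}] in {r['hive']}")
    for a in plan['autorun']:
        drive = a['command'][:2] if re.match(r'[A-Za-z]:', a['command']) else '?:'
        notes.append(f"cached AutoRun handler for volume {a['guid']} ({drive}): {a['command']}")
    for f in plan['files']:
        notes.append(f"{'directory' if f['is_dir'] else 'file'} listed for removal: {f['path']}")
    notes.extend(f'other registry item: {r}' for r in plan['registry'])
    notes.extend(f'command {c}' for c in plan['sections'].get('commands', []))
    return notes


if __name__ == '__main__':
    print('\n'.join(review(parse_fix(SAMPLE_FIX))))
```

The point of the dry run is the blast radius: everything under `:OTL` is removed or reset, so a typo in a pasted path or a line copied from the wrong log is a deletion, and the summary is the last chance to notice that before the reboot.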

#5 dvd7e (Topic Starter, Member, 53 posts)
I apologize, but I think I may have spoken too soon. Windows does boot now, even outside of Safe Mode. So it looks like it's OK now. (This is after the first set of instructions.)

I see that you have posted some additional instructions, so I'll follow those as well, in case there are any other issues that need to be taken care of.

Thanks

Edited by dvd7e, 10 June 2012 - 06:39 PM.


#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please do as much of it as you can in Normal mode!

#7
dvd7e

dvd7e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hi,

I got a little stuck on Step 3 (ComboFix). I started the scan, but it's been going on for about 3 hours now and nothing new has happened. The window with the blue background still says the same thing when it started (it says it normally takes 10 mins, but could double for badly infected computers.) I did disable my Anti-virus (and firewall) before it started.

I successfully completed steps 1 and 2 (removed the programs and completed the OTL scan.) See below for the OTL log.

All processes killed
========== OTL ==========
HKU\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msci deleted successfully.
File C:\Documents and Settings\Valerie Walthert\Local Settings\Temp\20061030233658_mcinfo.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30df5db0-896d-11db-8e32-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30df5db0-896d-11db-8e32-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30df5db0-896d-11db-8e32-00038a000015}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758d4e60-f339-11da-8dd5-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758d4e60-f339-11da-8dd5-00038a000015}\ not found.
File E:\JDSecure\Windows\JDSecure31.exe not found.
C:\Program Files\AVG Anti-Spyware 7.5 folder moved successfully.
File C:\Documents and Settings\Valerie Walthert\Desktop\avgas-setup-7.5.0.50.exe not found.
File C:\Documents and Settings\Valerie Walthert\Desktop\avira_antivir_personal_en.exe not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
Folder C:\Documents and Settings\Valerie Walthert\Application Data\Viewpoint\ not found.
File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
C:\StubInstaller.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Valerie Walthert\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Valerie Walthert\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 735381 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69971617 bytes

User: Valerie Walthert
->Temp folder emptied: 184383064 bytes
->Temporary Internet Files folder emptied: 300611313 bytes
->Java cache emptied: 411210 bytes
->Flash cache emptied: 1900966 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138632397 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 106225527 bytes

Total Files Cleaned = 766.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.47.0 log created on 06112012_092412

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
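Added example, not part of this thread and not code from OTL's author: a small Python script that reads an OTL fix log like the one posted above and summarises it the way a helper reviewing it would want: which items were actually deleted or moved, which were already gone ("not found"), and which of the real changes touched autorun or hijack locations (Run keys, BHOs, per-drive MountPoints2 autorun entries, the HOSTS file, IE proxy settings). The sample lines are copied from the log above; the list of "notable" locations is my own assumption about what is worth a second look, not anything OTL itself reports.

```python
"""Summarise an OTL fix log: what was actually removed, what was already
gone, and which changes touched autorun or hijack locations."""
import re
from collections import Counter

# Sample input: lines copied from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-21-118688267-767785527-3773242843-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msci deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30df5db0-896d-11db-8e32-00038a000015}\ deleted successfully.
File G:\LaunchU3.exe -a not found.
C:\Program Files\AVG Anti-Spyware 7.5 folder moved successfully.
Folder C:\Documents and Settings\Valerie Walthert\Application Data\Viewpoint\ not found.
C:\StubInstaller.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>\w+) =+$")
ACTION = re.compile(
    r"^(?:(?P<prefix>Registry key|Registry value|File|Folder) )?"
    r"(?P<target>.+?)(?P<folder> folder)?"
    r" (?P<outcome>not found|deleted successfully|moved successfully)\.$"
)
# Locations whose modification deserves a second look: classic autorun keys,
# BHOs, per-drive autorun (MountPoints2), Winlogon, Active Setup, scheduled
# tasks, the HOSTS file and IE proxy settings. Assumption: this list is my
# own choice, not something OTL reports.
NOTABLE = re.compile(
    r"\\CurrentVersion\\Run(?:Once)?\\|Browser Helper Objects|MountPoints2|"
    r"\\Winlogon\\|Active Setup\\Installed Components|\\WINDOWS\\Tasks\\|"
    r"drivers\\etc\\Hosts|^HOSTS$|ProxyEnable|ProxyServer|AutoConfigURL",
    re.IGNORECASE,
)
OUTCOME = {"not found": "absent", "deleted successfully": "removed",
           "moved successfully": "removed"}


def parse_otl_log(text):
    """Return one dict per action line: section, kind, target, outcome."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "All processes killed":
            continue
        sec = SECTION.match(line)
        if sec:                                  # "========== OTL =========="
            section = sec.group("name")
            continue
        if line.endswith(" : value set successfully!"):   # registry value rewritten
            records.append({"section": section, "kind": "registry",
                            "target": line.rsplit(" : ", 1)[0], "outcome": "changed"})
            continue
        if line == "HOSTS file reset successfully":
            records.append({"section": section, "kind": "file",
                            "target": "HOSTS", "outcome": "reset"})
            continue
        m = ACTION.match(line)
        if not m:                                # keep unknown lines visible
            records.append({"section": section, "kind": "unparsed",
                            "target": line, "outcome": "unknown"})
            continue
        prefix, target = m.group("prefix"), m.group("target")
        if prefix in ("Registry key", "Registry value") or target.upper().startswith("HK"):
            kind = "registry"
        elif prefix == "Folder" or m.group("folder"):
            kind = "folder"
        else:
            kind = "file"
        records.append({"section": section, "kind": kind,
                        "target": target, "outcome": OUTCOME[m.group("outcome")]})
    return records


def summarize(records):
    """Count (kind, outcome) pairs, e.g. how many registry items were removed."""
    return Counter((r["kind"], r["outcome"]) for r in records)


def notable_changes(records):
    """Actions that really changed something in an autorun or hijack location."""
    return [r for r in records
            if r["outcome"] in ("removed", "changed", "reset") and NOTABLE.search(r["target"])]


if __name__ == "__main__":
    recs = parse_otl_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(recs).items()):
        print(f"{kind:9} {outcome:8} {n}")
    print("\nworth a second look:")
    for r in notable_changes(recs):
        print(f"  [{r['section']}] {r['outcome']:8} {r['target']}")
```

The useful signal for a reviewer is the gap between "removed" and "absent": every Run value, MountPoints2 key and HOSTS change that was actually deleted confirms live persistence was present at fix time, whereas the "not found" toolbar and BHO entries were already gone (or never there) and need no follow-up. Pipe a real log in via `parse_otl_log(open(path).read())` instead of the embedded sample.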

#8
dvd7e

dvd7e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
(I should also say that I haven't cancelled or tried to stop the ComboFix scan, it is still going. I'm logged into another computer right now.)

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
What step does ComboFix show that it is on?

And has that step changed over time?

Regards,

CompCav

#10
dvd7e

dvd7e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
It says:


Scanning the infected files....
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double


And that hasn't changed since the scan started.


#11
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK go ahead and stop it.
Delete the copy on your desktop.
Download a fresh copy.
Try it again.
If it hangs again, reboot then try to run it with this command:

Click Start >> Run
In the box that opens copy/paste or type:

C:\Documents and Settings\Valerie Walthert\Desktop\ComboFix.exe /nombr
then press Enter.

If you have additional problems please let me know :thumbsup:

#12
dvd7e

dvd7e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I tried rerunning, but it got hung up again. Both times, after a few minutes a little pop up window came up that said that the virtual memory was low.

So I tried going with your Start >> Run approach, but when I hit enter it says that that location cannot be found. I think it's because of the spaces in the path.

I also tried

'C:\Documents and Settings\Valerie Walthert\Desktop\ComboFix.exe' /nombr
"C:\Documents and Settings\Valerie Walthert\Desktop\ComboFix.exe" /nombr

but those didn't work either.

#13
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
It is probably the low amount of memory you have.

Here is how to find out what memory you have and could add:
For the memory I would recommend that you run the Crucial Scanner that will give you full details about the RAM that your system will accept.

You can purchase it from them or at a local computer store.




What are the current symptoms of the computer?

#14
dvd7e

dvd7e

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
The initial problem (that the computer was missing the desktop icons, taskbar etc. when booting in Normal mode; it was OK in Safe Mode) seems to be resolved now. But I'm not sure if there is still malware, viruses etc. that are affecting the computer. The computer isn't mine, it's a friend's that I offered to help with, so I'm not sure if it was always this slow or not. I know the RAM is extremely low, so I'm not sure if it's just that or not.

Is there anything in the logs that I've posted up until now that looks like it could use further attention? Is there any reason that I should continue to try and get ComboFix to finish scanning, or to run the TDSSKiller exe?

Thanks for your help.

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Well there is an unknown MBR code so let's run TDSSKiller and then reassess after I review the log.





