[mraskin]

here is OTL log after the Quick Scan:

 

OTL logfile created on: 5/29/2014 7:55:24 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Michael.TOSHIBA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.85% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 60.19 Gb Free Space | 64.73% Space Free | Partition Type: NTFS
 
Computer Name: TOSHIBA | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/20 15:09:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael.TOSHIBA\Desktop\OTL.exe
PRC - [2014/03/27 12:58:56 | 000,060,416 | ---- | M] () -- C:\Program Files\Bench\Wd\wd.exe
PRC - [2014/03/27 12:58:56 | 000,049,664 | ---- | M] () -- C:\Program Files\Bench\BService\bservice.exe
PRC - [2013/10/23 16:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/18 13:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2009/02/09 06:01:52 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/28 20:08:34 | 000,675,840 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/04/20 15:56:58 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005/04/18 11:33:42 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/04/15 16:51:48 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/05 16:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2004/12/30 00:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/28 16:02:46 | 000,270,336 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2004/12/28 16:02:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/11/30 13:06:26 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2004/09/07 14:03:20 | 001,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2004/08/27 16:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 16:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/04/09 19:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/09 19:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 18:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 18:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/12/12 05:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2001/03/15 05:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/27 12:58:56 | 000,060,416 | ---- | M] () -- C:\Program Files\Bench\Wd\wd.exe
MOD - [2014/03/27 12:58:56 | 000,050,688 | ---- | M] () -- C:\Program Files\Bench\BService\bhelper.dll
MOD - [2014/03/27 12:58:56 | 000,049,664 | ---- | M] () -- C:\Program Files\Bench\BService\bservice.exe
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2005/04/25 11:51:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TPeculiarity.dll
MOD - [2005/04/20 15:59:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/04/01 15:39:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005/04/01 15:39:14 | 000,024,576 | ---- | M] () -- C:\Program Files\TOSHIBA\TouchPad\TPECioctl.dll
MOD - [2005/04/01 15:37:28 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2002/12/12 05:44:48 | 001,576,448 | R--- | M] () -- C:\Program Files\WinFax\DCCDA32I.DLL
MOD - [2001/03/15 05:18:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
MOD - [2000/09/28 23:58:40 | 000,228,864 | ---- | M] () -- C:\Program Files\WinFax\WFXVW32I.DLL
MOD - [2000/09/28 23:58:38 | 000,012,800 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL
MOD - [2000/09/28 23:58:34 | 000,142,336 | ---- | M] () -- C:\Program Files\WinFax\SENGINE.DLL
MOD - [2000/09/28 23:58:32 | 000,392,192 | ---- | M] () -- C:\Program Files\WinFax\DCCTBP32.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\ScanTack\bin\utilScanTack.exe -- (Util ScanTack)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/21 07:33:30 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 18:22:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stop_Pending] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Crypserv.exe -- (CrypKey License)
SRV - [2009/02/09 06:01:52 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 16:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys -- (StickyMesger)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/24 12:23:44 | 000,055,224 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}t.sys -- ({9acd1534-e8f8-40cb-b5ac-4996fe01175b}t)
DRV - [2013/01/22 12:59:30 | 000,028,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WLRAWMp50x86.sys -- (WLRAWMp50x86)
DRV - [2013/01/22 12:59:30 | 000,027,032 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WLRAWSp50x86.sys -- (WLRAWSp50x86)
DRV - [2010/03/18 16:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetWorkX)
DRV - [2009/02/09 04:54:24 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2008/01/09 07:19:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005/04/28 01:26:48 | 000,037,248 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/04/26 19:53:06 | 000,074,112 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/04/18 19:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/15 13:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/04/12 00:11:43 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/03/22 08:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 09:14:34 | 000,008,704 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/03/03 20:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/25 01:33:00 | 000,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 19:04:18 | 000,057,984 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/07/31 07:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr)
DRV - [2004/07/30 15:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 15:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/05/08 05:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2001/09/18 12:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..browser.startup.homepage: "http://start.mysearc...cr=588007132="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/05/22 20:08:42 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/04/04 23:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\Mozilla\Extensions
[2014/05/29 19:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\Mozilla\Firefox\Profiles\dp9xcvwz.default\extensions
[2013/12/21 18:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/21 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/21 18:22:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/04 15:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/05/04 15:31:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL.TOSHIBA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP9XCVWZ.DEFAULT\EXTENSIONS\A0046B9B-FDB9-497F-A4B1-2A108AD6007A@5CDF80B7-0420-4BB7-B3C0-E188E6F4FB8A.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL.TOSHIBA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP9XCVWZ.DEFAULT\EXTENSIONS\A9719E64-232B-4695-AE9C-A89CD7F2AA84@CA1279DF-BC0D-44A8-97EF-19301C922B68.COM
[2013/04/18 21:10:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
O1 HOSTS File: ([2014/05/29 19:44:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BService] C:\Program Files\Bench\BService\bservice.exe ()
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1365139771873 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1366086642671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29FB9B13-C47B-4FD1-8410-EE0A0F25916A}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/12 15:34:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/23 01:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\BenchUpdater
[2014/05/23 01:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2014/05/23 01:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/05/23 01:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael.TOSHIBA\AppData
[2014/05/23 01:43:31 | 000,000,000 | ---D | C] -- C:\temp
[2014/05/23 01:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\IsolatedStorage
[2014/05/22 20:19:08 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/05/21 06:48:23 | 000,055,224 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}t.sys
[2014/05/04 14:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\SearchProtect
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/29 19:57:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/05/29 19:49:17 | 000,021,876 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/05/29 19:47:29 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/29 19:47:28 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/05/29 19:46:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/29 19:46:54 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/29 19:44:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/05/29 19:37:54 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/29 19:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/22 20:16:30 | 001,326,389 | ---- | M] () -- C:\Documents and Settings\Michael.TOSHIBA\Desktop\AdwCleaner.exe
[2014/05/22 20:09:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/22 19:36:00 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/22 14:40:07 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/22 09:16:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/19 15:01:09 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\WB.CFG
[2014/05/11 12:53:58 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/29 23:54:39 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/22 20:16:11 | 001,326,389 | ---- | C] () -- C:\Documents and Settings\Michael.TOSHIBA\Desktop\AdwCleaner.exe
[2014/05/19 15:01:09 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\WB.CFG
[2014/05/13 10:51:30 | 000,214,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
[2014/05/12 22:01:04 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2014/05/06 11:53:32 | 000,214,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/04/19 16:30:49 | 000,123,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/03 11:09:18 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2014/02/03 11:09:18 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2013/08/12 01:16:46 | 000,000,070 | ---- | C] () -- C:\WINDOWS\ERROR.ini
[2013/08/12 01:08:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2013/04/14 17:31:13 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Michael.TOSHIBA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/09 09:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2013/04/09 02:26:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/06 16:25:19 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2013/04/06 16:24:29 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2013/04/06 16:24:27 | 000,023,360 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2013/04/06 16:24:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2013/04/06 04:46:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2013/04/06 04:41:03 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2013/04/06 04:41:03 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2013/04/06 04:40:57 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2013/04/06 04:29:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2013/04/06 04:29:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2013/04/06 03:53:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/04/04 21:16:56 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2013/04/04 21:16:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2013/04/04 21:16:56 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2013/04/04 21:16:56 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2013/04/04 21:16:22 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
 
========== ZeroAccess Check ==========
 
[2005/05/13 04:54:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/19 13:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2014/05/04 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/04/20 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\ContentExplorer
[2005/05/13 04:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\InterTrust
[2013/04/06 04:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\InterVideo
[2014/04/19 13:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\Research In Motion
[2005/05/13 04:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\toshiba
[2013/12/08 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael.TOSHIBA\Application Data\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >

[Advertisements]

here is the AdwCleaner log:

 

# AdwCleaner v3.211 - Report created 29/05/2014 at 20:11:37
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Michael - TOSHIBA
# Running from : C:\Documents and Settings\Michael.TOSHIBA\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Util ScanTack

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Bench

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BService]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Wd]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ScanTack
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\ScanTack
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

-\\ Google Chrome v35.0.1916.114

*************************

AdwCleaner[R0].txt - [14212 octets] - [21/04/2014 12:46:07]
AdwCleaner[R1].txt - [9358 octets] - [22/05/2014 20:16:50]
AdwCleaner[R2].txt - [2749 octets] - [29/05/2014 20:08:26]
AdwCleaner[S0].txt - [14191 octets] - [21/04/2014 12:54:10]
AdwCleaner[S1].txt - [8161 octets] - [22/05/2014 20:18:16]
AdwCleaner[S2].txt - [2726 octets] - [29/05/2014 20:11:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2786 octets] ##########

[mraskin]

here is the AdwCleaner log:

 

# AdwCleaner v3.211 - Report created 29/05/2014 at 20:11:37
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Michael - TOSHIBA
# Running from : C:\Documents and Settings\Michael.TOSHIBA\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Util ScanTack

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Bench

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BService]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Wd]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ScanTack
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\ScanTack
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

-\\ Google Chrome v35.0.1916.114

*************************

AdwCleaner[R0].txt - [14212 octets] - [21/04/2014 12:46:07]
AdwCleaner[R1].txt - [9358 octets] - [22/05/2014 20:16:50]
AdwCleaner[R2].txt - [2749 octets] - [29/05/2014 20:08:26]
AdwCleaner[S0].txt - [14191 octets] - [21/04/2014 12:54:10]
AdwCleaner[S1].txt - [8161 octets] - [22/05/2014 20:18:16]
AdwCleaner[S2].txt - [2726 octets] - [29/05/2014 20:11:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2786 octets] ##########

[mraskin]

the laptop started to work a bit better, but still has delays for example when I scroll the page of the Internet Explorer

[Essexboy]

OK lets look a bit deeper

 

Download AVPTool from Here to your desktop
 
Run the programme you have just downloaded to your desktop ( it will be randomly named )
 
First we will run a virus scan
Select the cog to access scan areas

On the first tab select all elements down to OS C and then select start scan 

 Once it has finished select reports and post the detected threats
.

Now an analysis scan
Select the Manual Disinfection tab 
Press the Gather System Information button 
 

Once it has completed then click Step 2 Report sending

Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached

[mraskin]

when I ran the first time the AVPTool it found 12 threats and scan stopped with suggestion to delete the threats . And so I did in order to continue the scan.

Then the scan stopped at 97% with no further progress. I restarted the laptop. The AVPTool  started by itself , then a popup message came up telling that Files Needed: The file '30342075.sys' on 30342075 Installation Disk is needed. Type the path where the file is located, and then click OK.

After canceling this popup message AVPTool has started. I ran a new scan which didn't find any new threats.

Now I'm trying to copy the report , but for some reason Im not able to copy it.

[Essexboy]

To locate the report :

Once it has completed then click Step 2 Report sending


Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached

[mraskin]

I meant that after the initial scanning I was not able to select reports and post the detected threats
 

[mraskin]

 avptool_sysinfo.zip   22.27KB   165 downloads

 

 avptool_sysinfo.zip   26.87KB   172 downloads

Edited by mraskin, 31 May 2014 - 03:32 PM.

[mraskin]

I just noticed that the files that I attached are the old ones from 2012.

And for some reason I can't attach the latest .zip file

Edited by mraskin, 31 May 2014 - 03:53 PM.

[Essexboy]

On completion can you let me know what problems remain

• Re-run AVPTool 
• Select the Manual Disinfection tab and press Script execution
   
• Where it states  Insert text  script in the following box copy the below script and press Run script
  Copy from Begin until End
   
  

  
  begin
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  DeleteFile('C:\Documents and Settings\Michael\Local Settings\Application Data\iBryte\Implementations\playbryte\Assemblies\1\BrowserObjects.dll');
  BC_DeleteFile('C:\Documents and Settings\Michael\Local Settings\Application Data\iBryte\Implementations\playbryte\Assemblies\1\BrowserObjects.dll');
  DeleteFile('C:\Documents and Settings\Michael\Local Settings\Application Data\iBryte\Implementations\playbryte\assemblies\1\Inline.dll');
  BC_DeleteFile('C:\Documents and Settings\Michael\Local Settings\Application Data\iBryte\Implementations\playbryte\assemblies\1\Inline.dll');
  DeleteFile('c:\documents and settings\michael\local settings\application data\ibryte\implementations\playbryte\assemblies\1\pops.dll');
  BC_DeleteFile('c:\documents and settings\michael\local settings\application data\ibryte\implementations\playbryte\assemblies\1\pops.dll');
  DeleteFile('c:\documents and settings\michael\local settings\application data\ibryte\implementations\playbryte\assemblies\1\sliderad.dll');
  BC_DeleteFile('c:\documents and settings\michael\local settings\application data\ibryte\implementations\playbryte\assemblies\1\sliderad.dll');
  DeleteFile('c:\program files\ibryte\playbryte\asyncclient11.dll');
  BC_DeleteFile('c:\program files\ibryte\playbryte\asyncclient11.dll');
  DeleteFile('c:\program files\ibryte\playbryte\proto11.dll');
  BC_DeleteFile('c:\program files\ibryte\playbryte\proto11.dll');
  BC_ImportDeletedList;
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
  end.
  
  

• Your system will reboot on completion, if it does not please do so yourself  
• On completion please run another analysis scan and attach the zip file  

[mraskin]

I did as per your instruction. The laptop rebooted by itself. AVPTool started by itself. It started extracting all kinds of drivers. And at some point the AVPTool shuts itself. I've tried several times manualy open AVPTool, same thing happens it startes extracting all kinds of drivers and at some point shuts itself.

I've rebooted one more time and the popup note showed up on the screen telling: "Windows cannot find '6973247.exe'. Make sure you typed name corectly, and then try again. To search for a file, click Start button, and then click Search"

I hit OK button and then started the AVPTool which finally opened up.

Edited by mraskin, 31 May 2014 - 08:52 PM.

[mraskin]

I ran the analysis again. All went OK.

But it is very weired I still can't attach the latest zip file   

 

 avptool_sysinfo.zip   26.87KB   172 downloads

 avptool_sysinfo.zip   22.27KB   165 downloads

Edited by mraskin, 31 May 2014 - 09:01 PM.

[Essexboy]

How is the computer behaving now, any problems

[mraskin]

It is still having delays in most of the actions. Something there still impedes the performans.

[Essexboy]

Could I have a fresh OTL scan please selecting all users