Toshiba nb305 only loads to black screen with blinking white cursor [S
Started by CoNtRoLlEr57706, May 16 2012 07:51 PM
#1
Posted 16 May 2012 - 07:51 PM
My Toshiba netbook NB305 doesn't seem to be working. I start the computer and it loads the Toshiba start-up with the option to go to the BIOS screen. The computer then loads to a black screen with a blinking white cursor. I cannot operate in safe mode at all. I have no CD/DVD drive, so no recovery disc. What should I do?
#2
Posted 17 May 2012 - 02:13 PM
Hi, CoNtRoLlEr57706! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.
If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.
Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
- Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
- Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
- Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
- You must reply within four days; failure to reply will result in the topic being closed!
- Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
- Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.
Turn on the computer
When you see the BIOS selection key start tapping F8.
You will enter the Advanced Boot Options Screen below:
Use the cursor to highlight Last Known Good Configuration (advanced)
Then press Enter
Let me know if it boots into Windows.
If it does not boot tell me what symptoms if any you were having before it would not boot. (i.e. slowing, website redirects, not starting sometimes, error codes, etc.)
Do you have another computer we can download files onto?
Do you have a USB flash drive we can use to transfer files?
#3
Posted 17 May 2012 - 03:40 PM
Hello CompCav,
I am not able to get to the safe mode feature (F8) at all; it will only take me to the BIOS screen.
I do have two hard drives that I can transfer doc/pics/mp3s over to.
#4
Posted 17 May 2012 - 03:47 PM
OK we will focus now on getting your information off of the disks.
Please go here to get a Puppy Linux to get the material you want off of your hard drive then we will try to work on it. Follow the link in step one to make a pen drive bootable.
Use this to boot up your drive and connect your hard drives by USB to copy over your files. When this is done I have two questions:
Do you want to try to recover the existing install of windows?
Do you want to just do a Factory Reset?
In either case I need the full model information that will tell me the setup you have.
If you have any questions along the way please let me know.
Regards,
CompCav
#5
Posted 18 May 2012 - 08:18 PM
If possible I would like to save the current Windows, mainly b/c I don't have another copy of Windows at this time and I would like to avoid buying another one.
However, if it is not possible to save it then so be it; the end goal ultimately is to get the computer functional.
I am currently doing the Puppy Linux download to the CD; I will let you know of any problems that arise.
I apparently made a mistake; I have an NB205.
Here is the model info on the bottom:
Toshiba
NB205-N312/BL SYSTEM UNIT
PART NO. PLL20U-00Q01D<ES5.0>
SERIAL NO. X9730068K
#6
Posted 18 May 2012 - 08:35 PM
We will need one or two USB flash drives, do you have them or at least 1?
What version of windows do you have?
Before it would not boot what symptoms or issues were you having with the computer?
Regards,
CompCav
#7
Posted 18 May 2012 - 09:53 PM
What size drive? Or does it matter? I have a few flashes (1gig), (250MB), a TB that I'm using to copy the music/pics from the netbook right now, and two 250 gigs.
To illustrate my noob'ness, I haven't the slightest idea what version of Windows I was running. Is there a way that I can check?
As for issues before the crash:
The month pre-crash I wasn't having any issues; just got a new antivirus (Webroot SecureAnywhere). Everything was working great, then BAM! Black screen of doom.
Before that month I had a problem where the computer would only boot in safe mode. The Windows security kept popping up to say that my anti-virus and firewall were no longer working and to buy a new one via a link inside the pop-up, and then a "free" malware/virus scan would begin. I of course did not click on the link and tried to get to my antivirus (Spyware Terminator with AV Clam). When I tried to open this program, the Windows security would pop up and tell me the program I was attempting to open was infected and immediately shut it down. Shortly after this, any program I would try and run would do this until finally everything crashed.
Files are currently downloading from Puppy Linux =)
Thanks in advance!
#8
Posted 19 May 2012 - 04:52 AM
"to illustrate my noob'ness i haven't the slightest idea what version of windows i was running is there a way that i can check?"
There should be a label on the underside that is Microsoft that will tell you.
#9
Posted 21 May 2012 - 01:41 PM
Sorry for the delayed reply. The sticker was no longer there; I tried to find the box and it looks like Windows XP.
Success in downloading all personal files on the computer.
#10
Posted 21 May 2012 - 01:58 PM
OK, let's go in outside of Windows. We will need to create a CD and additionally use a USB drive.
Please print these instructions out so that you know what you are doing.
- Download OTLPENet.exe to your desktop
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
  Note: If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop
  Note: as you are running from CD it is not exactly speedy
- Insert the USB with FRST
- Locate the flash drive with FRST and double click
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#11
Posted 22 May 2012 - 07:04 PM
CompCav, here are the files
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 19:54:53
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
================================ Services (Whitelisted) ==================
2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
========================== Drivers (Whitelisted) =============
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders ===============
2012-05-22 19:54 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:54 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
========================= Known DLLs (Whitelisted) ============
C:\Windows\System32\olecli32.dll is missing
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128
RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127
RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126
RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125
RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124
RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123
RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122
RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121
RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120
RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119
RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118
RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117
RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116
RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115
RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114
RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113
RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112
RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111
RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110
RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109
RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108
RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107
RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106
RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105
RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104
RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103
========================= Memory info ======================
Percentage of memory in use: 19%
Total physical RAM: 1014.36 MB
Available physical RAM: 815.5 MB
Total Pagefile: 901.92 MB
Available Pagefile: 832 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================
#12
Posted 22 May 2012 - 07:24 PM
We need to search for a file:
olecli32.dll
- Restart your computer like you did before to start FRST and get to this screen:
- Type the following into the search box:
olecli32.dll
- Press the Search button.
- Once it completes, a message will pop up indicating that the search is completed.
- It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.
#13
Posted 22 May 2012 - 08:23 PM
Here is what was saved. Was it supposed to take the place of the last file on the drive?
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 21:17:27
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
================================ Services (Whitelisted) ==================
2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
========================== Drivers (Whitelisted) =============
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders ===============
2012-05-22 21:15 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
========================= Known DLLs (Whitelisted) ============
C:\Windows\System32\olecli32.dll is missing
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128
RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127
RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126
RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125
RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124
RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123
RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122
RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121
RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120
RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119
RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118
RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117
RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116
RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115
RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114
RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113
RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112
RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111
RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110
RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109
RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108
RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107
RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106
RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105
RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104
RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.99 MB
Total Pagefile: 901.92 MB
Available Pagefile: 827.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32
Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       149 GB      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            140 GB    32 KB
Partition 2    Primary              9 GB   140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105133P0A  NTFS   Partition    140 GB  Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   HDDRECOVERY  FAT32  Partition      9 GB  Healthy
======================================================================================================
======================= End Of Log ==========================
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 21:17:27
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
================================ Services (Whitelisted) ==================
2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
========================== Drivers (Whitelisted) =============
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders ===============
2012-05-22 21:15 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
========================= Known DLLs (Whitelisted) ============
C:\Windows\System32\olecli32.dll is missing
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128
RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127
RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126
RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125
RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124
RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123
RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122
RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121
RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120
RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119
RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118
RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117
RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116
RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115
RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114
RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113
RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112
RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111
RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110
RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109
RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108
RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107
RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106
RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105
RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104
RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.99 MB
Total Pagefile: 901.92 MB
Available Pagefile: 827.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================
#14
Posted 22 May 2012 - 08:25 PM
Is it supposed to look like the same file?
#15
Posted 22 May 2012 - 08:32 PM
I re-did it one more time just in case.
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 21:27:57
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
================================ Services (Whitelisted) ==================
2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
========================== Drivers (Whitelisted) =============
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders ===============
2012-05-22 21:19 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
========================= Known DLLs (Whitelisted) ============
C:\Windows\System32\olecli32.dll is missing
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128
RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127
RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126
RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125
RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124
RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123
RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122
RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121
RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120
RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119
RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118
RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117
RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116
RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115
RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114
RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113
RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112
RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111
RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110
RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109
RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108
RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107
RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106
RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105
RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104
RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.96 MB
Total Pagefile: 901.92 MB
Available Pagefile: 827.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 22-05-2012 21:27:57
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [471128 2009-06-10] (Atheros Communications, Inc.)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [424496 2009-07-27] (Chicony)
HKLM\...\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [81920 2009-05-08] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe [141848 2009-02-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [166424 2009-02-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe [137752 2009-02-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [869744 2009-07-01] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [TDispVol] TDispVol.exe [x]
HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [28672 2004-05-01] (TOSHIBA CO.,LTD.)
HKLM\...\Run: [ZoomingHook] ZoomingHook.exe [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant [110592 2009-02-25] ()
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run [136816 2007-01-25] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2216960 2011-11-17] (Crawler.com)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2011-11-23] (Sony Corporation)
HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660568 2012-04-04] (Webroot)
HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Faircloth\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Faircloth\...\Policies\system: [DisableCMD] 0
HKU\Faircloth\...\Policies\system: [NoDispAppearancePage] 0
HKU\Faircloth\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Faircloth\...\Policies\system: [NoDispSettingsPage] 0
HKU\kodak\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\kodak\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\kodak\...\Policies\system: [DisableCMD] 0
HKU\kodak\...\Policies\system: [NoDispAppearancePage] 0
HKU\kodak\...\Policies\system: [NoDispBackgroundPage] 0
HKU\kodak\...\Policies\system: [NoDispSettingsPage] 0
HKU\LocalService\...\Policies\system: [DisableCMD] 0
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [DisableCMD] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
================================ Services (Whitelisted) ==================
2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-06-10] (Atheros)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 gupdate1ca6fc050bdcb20; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-27] (Google Inc.)
2 KodakDigitalDisplayService; "C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe" [98304 2008-08-08] (Orb Networks, Inc.)
2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe -service [537520 2007-05-25] ( )
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 SNMP; C:\Windows\System32\snmp.exe [33280 2008-04-14] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
2 sp_rssrv; "C:\Program Files\Spyware Terminator\sp_rsser.exe" [496128 2011-11-17] (Crawler.com)
2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [523320 2008-08-22] (TOSHIBA Corporation)
2 TODDSrv; C:\WINDOWS\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-06-20] (TOSHIBA CORPORATION)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660568 2012-04-04] (Webroot)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
========================== Drivers (Whitelisted) =============
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-02-15] (Meetinghouse Data Communications)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [166448 2008-02-07] (Alps Electric Co., Ltd.)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
0 awprDvyd; C:\Windows\System32\drivers\awprDvyd.sys [109584 2012-04-14] (Webroot)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 cecnuvc; C:\Windows\System32\Drivers\cec_uvc.sys [48176 2009-04-10] (Chicony Electronics Co., Ltd.)
2 EAPPkt; C:\Windows\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5870080 2009-07-29] (Realtek Semiconductor Corp.)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [287232 2007-12-28] (Realtek Semiconductor Corporation )
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [120064 2009-01-22] (Realtek Semiconductor Corporation )
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
1 sp_rsdrv2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-03-11] ()
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [16128 2007-02-22] (TOSHIBA Corporation.)
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [28536 2008-08-21] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46984 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [143720 2009-07-06] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [69352 2009-06-23] (TOSHIBA Corporation)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [21608 2009-06-18] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [59888 2009-06-19] (TOSHIBA Corporation)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [48888 2009-06-19] (TOSHIBA CORPORATION)
1 TPwSav; \??\C:\WINDOWS\system32\drivers\TPwSav.sys [17192 2008-07-24] (TOSHIBA )
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-03-12] (TOSHIBA Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [109584 2012-04-14] (Webroot)
3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
3 cpuz132; \??\C:\DOCUME~1\FAIRCL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
1 Sfloppy; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
4 ViaIde; [x]
3 WDICA; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders ===============
2012-05-22 21:19 - 2012-05-22 19:54 - 0000000 ____D C:\FRST
2012-04-14 20:13 - 2010-10-10 11:41 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\BitTorrent
2012-04-14 20:10 - 2012-04-14 18:10 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2012-04-14 20:09 - 2012-04-14 20:09 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\awprDvyd.sys
2012-04-14 19:53 - 2012-02-18 21:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2012-04-14 19:47 - 2010-03-11 21:55 - 0000000 ____D C:\Documents and Settings\Faircloth\Application Data\Spyware Terminator
2012-04-14 19:46 - 2012-02-18 21:44 - 0146104 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-04-14 19:46 - 2012-02-18 21:44 - 0109584 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-14 19:46 - 2010-03-11 21:55 - 0000000 ____D C:\Program Files\Spyware Terminator
2012-04-14 19:32 - 2009-11-28 01:32 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 16:53 - 2010-10-05 05:14 - 0000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{01A95FD4-E392-4044-B6F9-191CC3FFBD47}.job
2012-04-12 21:56 - 2009-11-24 21:51 - 0000000 ___RD C:\Documents and Settings\Faircloth\My Documents\My Pictures
2012-04-10 00:55 - 2010-01-03 03:52 - 0000000 ____D C:\Documents and Settings\All Users\Documents\My Slide Shows
2012-04-06 18:26 - 2011-01-06 13:38 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Productivity_1.12
2012-04-04 13:22 - 2012-02-18 21:43 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 15:32 - 2009-11-28 01:32 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-26 12:29 - 2010-02-15 23:14 - 0000387 ____A C:\Windows\RTacDbg.txt
2012-03-26 12:28 - 2010-01-03 03:52 - 0000062 __ASH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-11-24 21:51 - 0000062 __ASH C:\Documents and Settings\Faircloth\Local Settings\desktop.ini
2012-03-26 12:28 - 2009-09-08 09:58 - 0001158 ____A C:\Windows\System32\wpa.dbl
2012-03-26 12:28 - 2009-09-08 09:26 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-26 12:28 - 2009-09-08 02:20 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-26 12:28 - 2009-09-08 02:19 - 0000159 ____A C:\Windows\wiadebug.log
2012-03-26 12:27 - 2009-10-25 01:46 - 1063702528 __ASH C:\hiberfil.sys
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-26 12:27 - 2009-09-08 09:26 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-26 12:26 - 2009-11-24 21:51 - 0000178 ___SH C:\Documents and Settings\Faircloth\ntuser.ini
2012-03-26 12:26 - 2009-09-08 09:26 - 0032620 ____A C:\Windows\SchedLgU.Txt
2012-03-26 12:26 - 2009-09-08 09:22 - 1901359 ____A C:\Windows\WindowsUpdate.log
2012-03-23 23:27 - 2009-11-24 22:14 - 0000000 ____D C:\Documents and Settings\Faircloth\Local Settings\Application Data\Google
2012-03-23 23:24 - 2012-03-23 23:24 - 0000000 ____D C:\Documents and Settings\kodak\Local Settings\Application Data\Google
2012-03-19 05:02 - 2009-09-08 09:22 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-19 04:58 - 2009-09-08 02:17 - 0211626 ____A C:\Windows\setupact.log
2012-03-15 23:36 - 2009-11-27 23:41 - 0002698 ___AC C:\Documents and Settings\Faircloth\Application Data\wklnhst.dat
2012-03-14 17:27 - 2009-09-08 02:18 - 0512034 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-03-14 17:12 - 2009-10-25 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
========================= Known DLLs (Whitelisted) ============
C:\Windows\System32\olecli32.dll is missing
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-02-29 22:15 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP128
RP: -> 2011-12-15 14:38 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP127
RP: -> 2011-12-14 10:12 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP126
RP: -> 2011-11-23 11:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP125
RP: -> 2011-11-17 01:02 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP124
RP: -> 2011-11-12 11:31 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP123
RP: -> 2011-11-10 13:04 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP122
RP: -> 2011-11-08 14:27 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP121
RP: -> 2011-10-13 10:54 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP120
RP: -> 2011-10-01 14:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP119
RP: -> 2011-09-28 06:50 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP118
RP: -> 2011-09-26 17:26 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP117
RP: -> 2011-09-15 20:52 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP116
RP: -> 2011-09-12 09:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP115
RP: -> 2011-09-10 15:37 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP114
RP: -> 2011-09-08 12:16 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP113
RP: -> 2011-09-06 20:30 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP112
RP: -> 2011-09-03 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP111
RP: -> 2011-09-02 15:45 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP110
RP: -> 2011-08-25 10:47 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP109
RP: -> 2011-08-17 10:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP108
RP: -> 2011-08-11 10:51 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP107
RP: -> 2011-07-25 23:17 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP106
RP: -> 2011-07-24 12:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP105
RP: -> 2011-07-14 15:01 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP104
RP: -> 2011-07-12 21:25 - 020480 _restore{C7D732D9-4C10-4400-A0B4-2BD6FDA16F33}\RP103
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.96 MB
Total Pagefile: 901.92 MB
Available Pagefile: 827.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (TI105133P0A ) (Fixed) (Total:139.66 GB) (Free:24.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (IOMEGAMINI) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive y: (HDDRECOVERY) (Fixed) (Total:9.38 GB) (Free:4.56 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 140 GB 32 KB
Partition 2 Primary 9 GB 140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105133P0A NTFS Partition 140 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY FAT32 Partition 9 GB Healthy
======================================================================================================
======================= End Of Log ==========================