Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #31  
Old February 4th, 2010, 05:29 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={BB0B8D5A-9DA8-9290-4A54-5A5DF898B8A9}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/27 11:01:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 20:47:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/27 17:59:41 | 00,000,000 | ---D | M]

[2009/02/28 03:14:00 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions
[2010/02/03 21:59:32 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions
[2009/03/01 03:13:06 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/26 17:09:51 | 00,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/01/25 15:00:43 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/26 17:09:57 | 00,005,407 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\searchplugins\fast-browser-search.xml
[2010/01/22 20:44:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/30 14:08:13 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe (Smith Micro, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3 .dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Donna\Pictures\GoogleDesktopPhotosPluginW allpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Donna\Pictures\GoogleDesktopPhotosPluginW allpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 02:39:48 | 00,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2009/05/25 23:25:52 | 02,320,432 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/02/26 22:55:04 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
Reply With Quote
  #32  
Old February 4th, 2010, 05:30 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
========== Files/Folders - Created Within 14 Days ==========

[2010/02/02 13:23:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/31 21:53:22 | 00,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Malwarebytes
[2010/01/31 21:53:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/31 21:53:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/31 21:53:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/31 21:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/30 14:18:40 | 00,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\temp
[2010/01/30 14:08:59 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/30 14:05:14 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/30 13:48:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/30 13:48:24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/30 13:48:24 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/30 13:48:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/30 13:47:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/30 13:46:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/27 18:13:22 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2010/01/22 20:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/22 13:05:19 | 00,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\com.adobe.mauby.487 5E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/01 03:38:28 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2009/03/01 03:38:28 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2009/03/01 03:38:28 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2009/03/01 03:38:28 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2009/03/01 03:38:28 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2009/03/01 03:38:28 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2009/03/01 03:38:28 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2009/03/01 03:38:28 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2009/03/01 03:38:28 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2009/03/01 03:38:28 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2009/03/01 03:38:27 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2009/03/01 03:38:27 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll

========== Files - Modified Within 14 Days ==========

[2010/02/03 22:07:27 | 02,621,440 | -HS- | M] () -- C:\Users\Donna\ntuser.dat
[2010/02/03 22:07:03 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 21:46:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/03 13:22:49 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/03 13:22:49 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/03 13:18:39 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/03 13:13:02 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/02 18:18:21 | 00,000,517 | ---- | M] () -- C:\Users\Donna\Documents\OTL.lnk
[2010/02/02 16:04:11 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/02 16:04:11 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/02 16:04:11 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/02 15:58:21 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/02/02 15:57:59 | 00,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job
[2010/02/02 15:57:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/02 15:57:50 | 26,739,91680 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/31 22:06:49 | 00,524,288 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms
[2010/01/31 22:06:49 | 00,065,536 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/31 22:06:47 | 02,417,445 | -H-- | M] () -- C:\Users\Donna\AppData\Local\IconCache.db
[2010/01/31 21:53:19 | 00,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 15:10:27 | 00,009,728 | ---- | M] () -- C:\Users\Donna\Documents\Ref. Letter.wps
[2010/01/30 15:10:27 | 00,000,538 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat
[2010/01/30 14:08:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/30 14:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/30 13:44:20 | 00,000,874 | ---- | M] () -- C:\Users\Donna\Desktop\schrauber - Shortcut.lnk
[2010/01/27 18:13:49 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2010/01/27 17:59:41 | 00,001,898 | ---- | M] () -- C:\Users\Donna\Adobe Reader 9 (1).lnk
[2010/01/25 17:06:34 | 00,051,062 | ---- | M] () -- C:\Users\Donna\Documents\misc documents.pdf

========== Files Created - No Company Name ==========

[2010/01/31 21:53:19 | 00,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 15:10:27 | 00,009,728 | ---- | C] () -- C:\Users\Donna\Documents\Ref. Letter.wps
[2010/01/30 13:48:28 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/30 13:48:24 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/30 13:48:24 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/30 13:48:24 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/30 13:48:24 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/30 13:44:20 | 00,000,874 | ---- | C] () -- C:\Users\Donna\Desktop\schrauber - Shortcut.lnk
[2010/01/30 11:57:38 | 00,000,517 | ---- | C] () -- C:\Users\Donna\Documents\OTL.lnk
[2010/01/27 17:59:41 | 00,001,898 | ---- | C] () -- C:\Users\Donna\Adobe Reader 9 (1).lnk
[2010/01/25 17:06:34 | 00,051,062 | ---- | C] () -- C:\Users\Donna\Documents\misc documents.pdf
[2009/10/24 22:26:30 | 00,158,224 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys
[2009/10/24 22:26:30 | 00,059,920 | ---- | C] () -- C:\Windows\System32\drivers\tmactmon.sys
[2009/10/24 22:26:30 | 00,050,704 | ---- | C] () -- C:\Windows\System32\drivers\tmevtmgr.sys
[2009/08/05 20:53:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/13 11:38:41 | 00,000,538 | ---- | C] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat
[2009/03/11 16:32:41 | 00,000,159 | ---- | C] () -- C:\ProgramData\lxdd
[2009/03/01 03:39:02 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2009/03/01 03:38:28 | 00,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2009/03/01 03:38:28 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2009/03/01 03:02:50 | 00,068,960 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/27 22:50:49 | 00,000,680 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/02/26 21:04:01 | 00,070,656 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 17:43:54 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/03/28 16:16:44 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/01/23 21:40:04 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 19:13:08 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/30 19:36:51 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/11/30 19:07:04 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regt rans-ms
[2006/11/30 19:07:04 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TM.blf
[2006/11/30 19:07:03 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regt rans-ms
[2006/11/30 19:07:03 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2006/11/30 19:07:03 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TM.blf
[2006/11/30 19:07:03 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2006/11/30 19:07:03 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2006/11/30 18:52:32 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/11/30 18:52:32 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/11/30 18:52:32 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/11/30 18:52:32 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/11/30 18:52:32 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/11/30 18:52:32 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/11/30 18:26:12 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/11/30 18:26:12 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/11/30 18:26:12 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/11/30 18:26:12 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/24 09:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/06 13:02:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 11:03:16 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 11:00:56 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 19:37:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/10/06 19:08:04 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/08/10 17:00:52 | 00,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/05/18 04:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2006/03/09 12:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 16:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 23:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/01/22 13:05:19 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\com.adobe.mauby.487 5E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/28 04:04:42 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GARMIN
[2009/04/27 03:37:13 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GoodSync
[2009/06/15 21:27:32 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo
[2009/03/01 03:50:31 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lexmark Productivity Studio
[2009/03/25 21:57:05 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\licenses
[2009/03/25 21:57:02 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\PCMM2009
[2009/11/22 14:25:01 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Smith Micro
[2009/03/13 11:38:42 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Template
[2010/02/02 15:58:21 | 00,000,434 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2010/01/31 22:06:57 | 00,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/02 15:57:59 | 00,000,400 | ---- | M] () -- C:\Windows\Tasks\WSSHelper.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_51b95d75\AGP440.sys
[2008/01/19 01:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35 _6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2005/09/27 17:57:38 | 00,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\drivers\KR10N.sys
[2005/09/27 17:57:38 | 00,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr1 0n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80 f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3 304f351bb3a3\netlogon.dll
[2008/01/19 01:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7 b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_ 6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
Reply With Quote
  #33  
Old February 5th, 2010, 08:35 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hi,


Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.




Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.




Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean



Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.


If we have helped you, please consider supporting Cyber Tech Help with a subscription.
Reply With Quote
  #34  
Old February 21st, 2010, 09:31 PM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
There has been no change in performance, I notice that the CPU usage fluctuates from 10% and goes as high as 98%! The graphic performance rating is 2.1, but everything else is 3.0 or higher. I was told that I cannot upgrade the graphic card on my laptop. You ran all sorts of cleaning and diagnostics on it, Is there ANYTHING I can do to speed up my computer? It's only 3 years old and I'm not really ready to buy another. Which brings me to another question. If I do need to get another computer I am looking at a Mac. I hear they don't have the viral/malware issues like a PC. Being illiterate in the computer area can you give me the pros and cons from your prospectus?
Reply With Quote
  #35  
Old February 22nd, 2010, 08:15 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hi,

Please post back with a fresh OTL logfile, I will have a look.
Reply With Quote
  #36  
Old February 22nd, 2010, 11:20 PM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
pls resend link for old timer..deleted it
Reply With Quote
  #37  
Old February 24th, 2010, 06:48 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
No problem
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Reply With Quote
  #38  
Old February 25th, 2010, 01:10 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
*OTL logfile created on: 2/24/2010 5:08:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Donna\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 38.07 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONNA-PC
Current User Name: Donna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/24 17:08:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL.exe
PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/10 22:51:41 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/12 20:49:21 | 004,541,752 | ---- | M] (Yahoo! Inc.) -- C:\Users\Donna\AppData\Local\Yahoo!\BrowserPlus\2. 4.21\BrowserPlusCore.exe
PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/11/09 23:22:00 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/24 22:26:22 | 001,020,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/10/24 22:26:22 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/10/24 22:26:21 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/10/24 22:26:21 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/10/24 22:26:20 | 000,715,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/10/24 22:26:20 | 000,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2009/09/21 17:36:12 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 17:36:02 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 13:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/23 02:04:12 | 003,716,376 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2009/04/11 00:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/04 00:57:50 | 000,292,440 | ---- | M] () -- C:\Program Files\SiteAdvisor\4295\SAService.exe
PRC - [2009/02/23 07:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/22 17:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/22 17:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/09/22 17:41:50 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 16:13:44 | 000,126,976 | ---- | M] (Capital Intellect Inc) -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe
PRC - [2008/01/19 01:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:42 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 01:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 01:33:16 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/06/11 21:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 11:41:54 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddser v.exe
PRC - [2007/05/25 11:41:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/04/30 10:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2006/11/28 22:05:38 | 000,523,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2006/11/22 19:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/22 19:08:12 | 000,409,264 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2006/11/20 14:15:14 | 000,446,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2006/11/10 16:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/09 12:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/06 19:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/11/06 11:05:32 | 000,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2006/11/06 11:02:18 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2006/11/02 03:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/10/27 15:50:52 | 000,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/10/27 15:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/24 17:08:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb7 2f96088b0de0\comctl32.dll
MOD - [2008/09/22 17:44:18 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/09 23:22:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/10/24 22:26:22 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/10/24 22:26:21 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/10/24 22:26:21 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/10/24 22:26:20 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 17:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/08 21:21:44 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2009/07/09 13:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/07 01:42:56 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/04 00:57:50 | 000,292,440 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\4295\SAService.exe -- (SiteAdvisor Service)
SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/22 17:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/22 17:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/02/13 16:13:44 | 000,126,976 | ---- | M] (Capital Intellect Inc) [Auto | Running] -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe -- (Winferno Subscription Service)
SRV - [2008/01/19 01:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 01:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 01:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/25 11:41:54 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddse rv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 11:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2006/11/22 19:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/02 06:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Standard Registry (SafeList) ==========
Reply With Quote
  #39  
Old February 25th, 2010, 01:16 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={BB0B8D5A-9DA8-9290-4A54-5A5DF898B8A9}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/20 20:01:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 14:09:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 14:08:57 | 000,000,000 | ---D | M]

[2009/02/28 03:14:00 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions
[2010/02/23 18:57:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions
[2010/02/18 01:29:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/26 17:09:51 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/01/25 15:00:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/26 17:09:57 | 000,005,407 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\searchplugins\fast-browser-search.xml
[2010/02/10 14:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/30 14:08:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInsta nce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3 .dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Donna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Donna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 02:39:48 | 000,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2009/05/25 23:25:52 | 002,320,432 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/02/26 22:55:04 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/24 17:06:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2009/03/01 03:38:28 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2009/03/01 03:38:28 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2009/03/01 03:38:28 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2009/03/01 03:38:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2009/03/01 03:38:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2009/03/01 03:38:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2009/03/01 03:38:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2009/03/01 03:38:28 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2009/03/01 03:38:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2009/03/01 03:38:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2009/03/01 03:38:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2009/03/01 03:38:27 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/24 17:21:42 | 003,145,728 | -HS- | M] () -- C:\Users\Donna\ntuser.dat
[2010/02/24 17:08:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2010/02/24 16:28:06 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 16:28:06 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 16:17:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/24 16:16:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/22 16:29:13 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/02/22 16:28:49 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job
[2010/02/22 16:28:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/22 16:28:40 | 2673,991,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 16:27:30 | 000,524,288 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms
[2010/02/22 16:27:30 | 000,065,536 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/15 17:42:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/02/11 22:25:46 | 003,726,554 | -H-- | M] () -- C:\Users\Donna\AppData\Local\IconCache.db
[2010/02/11 16:30:06 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/11 16:30:06 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/11 16:30:06 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
Reply With Quote
  #40  
Old February 25th, 2010, 01:18 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
========== Files Created - No Company Name ==========

[2009/08/05 20:53:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/13 11:38:41 | 000,000,538 | ---- | C] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat
[2009/03/11 16:32:41 | 000,000,159 | ---- | C] () -- C:\ProgramData\lxdd
[2009/03/01 03:39:02 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2009/03/01 03:38:28 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2009/03/01 03:38:28 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2009/03/01 03:02:50 | 000,068,960 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/27 22:50:49 | 000,000,680 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/02/26 21:04:01 | 000,070,656 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 17:43:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/03/28 16:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/01/23 21:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 19:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/30 19:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/11/30 19:07:04 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regt rans-ms
[2006/11/30 19:07:04 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TM.blf
[2006/11/30 19:07:03 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regt rans-ms
[2006/11/30 19:07:03 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2006/11/30 19:07:03 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TM.blf
[2006/11/30 19:07:03 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2006/11/30 19:07:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2006/11/30 18:52:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/11/30 18:52:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/11/30 18:52:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/11/30 18:52:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/11/30 18:52:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/11/30 18:52:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/11/30 18:26:12 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/11/30 18:26:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/11/30 18:26:12 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/11/30 18:26:12 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/24 09:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/06 13:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 11:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 11:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 19:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/10/06 19:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/08/10 17:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/05/18 04:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/01/22 13:05:19 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\com.adobe.mauby.487 5E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/28 04:04:42 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GARMIN
[2009/04/27 03:37:13 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GoodSync
[2009/06/15 21:27:32 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo
[2009/03/01 03:50:31 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lexmark Productivity Studio
[2009/03/25 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\licenses
[2009/03/25 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\PCMM2009
[2010/02/06 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Smith Micro
[2009/03/13 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Template
[2010/02/22 16:29:13 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2010/02/22 16:27:36 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/22 16:28:49 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\WSSHelper.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_51b95d75\AGP440.sys
[2008/01/19 01:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35 _6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2005/09/27 17:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\drivers\KR10N.sys
[2005/09/27 17:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr1 0n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80 f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3 304f351bb3a3\netlogon.dll
[2008/01/19 01:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7 b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_ 6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
Reply With Quote
  #41  
Old February 25th, 2010, 01:20 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
OTL Extras logfile created on: 2/24/2010 5:08:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Donna\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 38.07 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONNA-PC
Current User Name: Donna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)


========== Vista Active Open Ports Exception List ==========
Reply With Quote
  #42  
Old February 27th, 2010, 06:16 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Looks good.

How is it running?
Reply With Quote
  #43  
Old February 28th, 2010, 02:56 AM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
runs like I have dial-up service. It hasn't been going blank, but the ability to view videos is still nilch and it just has weird quirks that come and go. (will suddenly go to the bottom of the page without prompting is the newest one.) have any thoughts as to why it would take 5-10 mins of buffering to view a 2 min video?
Reply With Quote
  #44  
Old March 1st, 2010, 09:36 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
What is your internet speed usually?
Reply With Quote
  #45  
Old March 1st, 2010, 10:50 PM
monka56's Avatar
monka56 monka56 is offline
Member
 
Join Date: Sep 2007
O/S: Windows Vista
Location: Wichita, Kansas
Posts: 44
how do I find that?
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
psf: my computer is doing a very similar thing - moved by schrauber psf Malware Removal 1 January 19th, 2010 11:30 PM
Vrodrigu13 C.exe - moved by schrauber Vrodrigu13 Malware Removal 32 January 11th, 2010 07:17 PM
punkydiamond - moved by schrauber punkydiamond Malware Removal 1 January 8th, 2010 06:43 PM
janardhanan.j C.exe - moved by schrauber janardhanan.j Malware Removal 6 January 5th, 2010 10:02 PM
-=BULLETPROOF=- C.EXE - moved by schrauber -=BULLETPROOF=- Malware Removal 23 January 5th, 2010 09:49 PM


All times are GMT +1. The time now is 01:11 PM.