#31
========== Standard Registry (SafeList) ==========
========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910 FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={BB0B8D5A-9DA8-9290-4A54-5A5DF898B8A9}&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program 
Files\McAfee\SiteAdvisor [2010/01/27 11:01:09 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 20:47:06 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/27 17:59:41 | 00,000,000 | ---D | M] [2009/02/28 03:14:00 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions [2010/02/03 21:59:32 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions [2009/03/01 03:13:06 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/09/26 17:09:51 | 00,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2010/01/25 15:00:43 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/09/26 17:09:57 | 00,005,407 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\searchplugins\fast-browser-search.xml [2010/01/22 20:44:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/01/30 14:08:13 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe () O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe (Smith Micro, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3 .dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Donna\Pictures\GoogleDesktopPhotosPluginW allpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Donna\Pictures\GoogleDesktopPhotosPluginW allpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/08/21 02:39:48 | 00,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell - "" = AutoRun O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2009/05/25 23:25:52 | 02,320,432 | R--- | M] (Macrovision Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009/02/26 22:55:04 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! |
#32
========== Files/Folders - Created Within 14 Days ==========
[2010/02/02 13:23:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2010/01/31 21:53:22 | 00,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Malwarebytes [2010/01/31 21:53:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/31 21:53:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/01/31 21:53:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/31 21:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/30 14:18:40 | 00,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\temp [2010/01/30 14:08:59 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/01/30 14:05:14 | 00,000,000 | ---D | C] -- C:\Windows\temp [2010/01/30 13:48:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/01/30 13:48:24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/01/30 13:48:24 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/01/30 13:48:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/01/30 13:47:18 | 00,000,000 | ---D | C] -- C:\Qoobox [2010/01/30 13:46:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/01/27 18:13:22 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe [2010/01/22 20:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/01/22 13:05:19 | 00,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\com.adobe.mauby.487 5E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/03/01 03:38:28 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll [2009/03/01 03:38:28 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll [2009/03/01 03:38:28 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll [2009/03/01 03:38:28 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll [2009/03/01 03:38:28 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll [2009/03/01 03:38:28 | 
00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll [2009/03/01 03:38:28 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll [2009/03/01 03:38:28 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll [2009/03/01 03:38:28 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll [2009/03/01 03:38:28 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll [2009/03/01 03:38:27 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll [2009/03/01 03:38:27 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll ========== Files - Modified Within 14 Days ========== [2010/02/03 22:07:27 | 02,621,440 | -HS- | M] () -- C:\Users\Donna\ntuser.dat [2010/02/03 22:07:03 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/02/03 21:46:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/02/03 13:22:49 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/02/03 13:22:49 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/02/03 13:18:39 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/02/03 13:13:02 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/02/02 18:18:21 | 00,000,517 | ---- | M] () -- C:\Users\Donna\Documents\OTL.lnk [2010/02/02 16:04:11 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/02 16:04:11 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/02 16:04:11 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/02/02 15:58:21 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job [2010/02/02 15:57:59 | 00,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job [2010/02/02 15:57:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/02/02 15:57:50 
| 26,739,91680 | -HS- | M] () -- C:\hiberfil.sys [2010/01/31 22:06:49 | 00,524,288 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms [2010/01/31 22:06:49 | 00,065,536 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/01/31 22:06:47 | 02,417,445 | -H-- | M] () -- C:\Users\Donna\AppData\Local\IconCache.db [2010/01/31 21:53:19 | 00,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/30 15:10:27 | 00,009,728 | ---- | M] () -- C:\Users\Donna\Documents\Ref. Letter.wps [2010/01/30 15:10:27 | 00,000,538 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat [2010/01/30 14:08:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/01/30 14:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/01/30 13:44:20 | 00,000,874 | ---- | M] () -- C:\Users\Donna\Desktop\schrauber - Shortcut.lnk [2010/01/27 18:13:49 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe [2010/01/27 17:59:41 | 00,001,898 | ---- | M] () -- C:\Users\Donna\Adobe Reader 9 (1).lnk [2010/01/25 17:06:34 | 00,051,062 | ---- | M] () -- C:\Users\Donna\Documents\misc documents.pdf ========== Files Created - No Company Name ========== [2010/01/31 21:53:19 | 00,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/30 15:10:27 | 00,009,728 | ---- | C] () -- C:\Users\Donna\Documents\Ref. 
Letter.wps [2010/01/30 13:48:28 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/01/30 13:48:24 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/01/30 13:48:24 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/01/30 13:48:24 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/01/30 13:48:24 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/01/30 13:44:20 | 00,000,874 | ---- | C] () -- C:\Users\Donna\Desktop\schrauber - Shortcut.lnk [2010/01/30 11:57:38 | 00,000,517 | ---- | C] () -- C:\Users\Donna\Documents\OTL.lnk [2010/01/27 17:59:41 | 00,001,898 | ---- | C] () -- C:\Users\Donna\Adobe Reader 9 (1).lnk [2010/01/25 17:06:34 | 00,051,062 | ---- | C] () -- C:\Users\Donna\Documents\misc documents.pdf [2009/10/24 22:26:30 | 00,158,224 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys [2009/10/24 22:26:30 | 00,059,920 | ---- | C] () -- C:\Windows\System32\drivers\tmactmon.sys [2009/10/24 22:26:30 | 00,050,704 | ---- | C] () -- C:\Windows\System32\drivers\tmevtmgr.sys [2009/08/05 20:53:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/03/13 11:38:41 | 00,000,538 | ---- | C] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat [2009/03/11 16:32:41 | 00,000,159 | ---- | C] () -- C:\ProgramData\lxdd [2009/03/01 03:39:02 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini [2009/03/01 03:38:28 | 00,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll [2009/03/01 03:38:28 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll [2009/03/01 03:02:50 | 00,068,960 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/02/27 22:50:49 | 00,000,680 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat [2009/02/26 21:04:01 | 00,070,656 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/22 17:43:54 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2007/03/28 16:16:44 | 00,344,064 | ---- | C] () -- 
C:\Windows\System32\lxddcoin.dll [2007/01/23 21:40:04 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll [2007/01/09 19:13:08 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll [2006/11/30 19:36:51 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2006/11/30 19:07:04 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regt rans-ms [2006/11/30 19:07:04 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TM.blf [2006/11/30 19:07:03 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regt rans-ms [2006/11/30 19:07:03 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat [2006/11/30 19:07:03 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TM.blf [2006/11/30 19:07:03 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1 [2006/11/30 19:07:03 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2 [2006/11/30 18:52:32 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2006/11/30 18:52:32 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2006/11/30 18:52:32 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2006/11/30 18:52:32 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2006/11/30 18:52:32 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2006/11/30 18:52:32 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2006/11/30 18:26:12 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2006/11/30 18:26:12 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2006/11/30 18:26:12 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2006/11/30 18:26:12 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2006/11/24 09:48:44 | 00,036,864 | ---- | C] 
() -- C:\Windows\System32\HWS_Ctrl.dll [2006/11/06 13:02:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2006/11/06 11:03:16 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll [2006/11/06 11:00:56 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll [2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/10/31 19:37:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/10/06 19:08:04 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll [2006/08/10 17:00:52 | 00,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll [2006/05/18 04:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll [2006/03/09 12:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/11/23 16:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005/07/22 23:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2010/01/22 13:05:19 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\com.adobe.mauby.487 5E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/02/28 04:04:42 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GARMIN [2009/04/27 03:37:13 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GoodSync [2009/06/15 21:27:32 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo [2009/03/01 03:50:31 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lexmark Productivity Studio [2009/03/25 21:57:05 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\licenses [2009/03/25 21:57:02 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\PCMM2009 [2009/11/22 14:25:01 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Smith Micro [2009/03/13 
11:38:42 | 00,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Template [2010/02/02 15:58:21 | 00,000,434 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job [2010/01/31 22:06:57 | 00,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/02/02 15:57:59 | 00,000,400 | ---- | M] () -- C:\Windows\Tasks\WSSHelper.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %systemroot%\*. /mp /s > < End of report >
#33
Hi,

Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.
Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make Internet Explorer 7 more secure
If we have helped you, please consider supporting Cyber Tech Help with a subscription.
#34
There has been no change in performance. I notice that the CPU usage fluctuates from 10% and goes as high as 98%! The graphic performance rating is 2.1, but everything else is 3.0 or higher. I was told that I cannot upgrade the graphic card on my laptop. You ran all sorts of cleaning and diagnostics on it. Is there ANYTHING I can do to speed up my computer? It's only 3 years old and I'm not really ready to buy another. Which brings me to another question. If I do need to get another computer, I am looking at a Mac. I hear they don't have the viral/malware issues like a PC. Being illiterate in the computer area, can you give me the pros and cons from your perspective?
#35
Hi,
Please post back with a fresh OTL logfile, I will have a look.
#36
pls resend link for old timer..deleted it
#37
No problem
#38
*OTL logfile created on: 2/24/2010 5:08:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Donna\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147.58 Gb Total Space | 38.07 Gb Free Space | 25.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DONNA-PC Current User Name: Donna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/02/24 17:08:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL.exe PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/12/10 22:51:41 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/11/12 20:49:21 | 004,541,752 | ---- | M] (Yahoo! Inc.) -- C:\Users\Donna\AppData\Local\Yahoo!\BrowserPlus\2. 4.21\BrowserPlusCore.exe PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe PRC - [2009/11/09 23:22:00 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2009/10/24 22:26:22 | 001,020,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe PRC - [2009/10/24 22:26:22 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe PRC - [2009/10/24 22:26:21 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe PRC - [2009/10/24 22:26:21 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe PRC - [2009/10/24 22:26:20 | 000,715,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe PRC - [2009/10/24 22:26:20 | 000,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe PRC - [2009/09/21 17:36:12 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/09/21 17:36:02 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/07/09 13:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/23 02:04:12 | 003,716,376 | ---- | M] (Smith Micro Software, Inc.) 
-- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe PRC - [2009/04/11 00:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009/04/11 00:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/04 00:57:50 | 000,292,440 | ---- | M] () -- C:\Program Files\SiteAdvisor\4295\SAService.exe PRC - [2009/02/23 07:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe PRC - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/09/22 17:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008/09/22 17:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2008/09/22 17:41:50 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2008/02/13 16:13:44 | 000,126,976 | ---- | M] (Capital Intellect Inc) -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe PRC - [2008/01/19 01:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/19 01:33:42 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008/01/19 01:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008/01/19 01:33:16 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe PRC - [2007/06/11 21:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe PRC - [2007/05/25 11:41:54 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddser v.exe PRC - [2007/05/25 11:41:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe PRC - [2007/04/30 10:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe PRC - [2006/11/28 22:05:38 | 000,523,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe PRC - [2006/11/22 19:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2006/11/22 19:08:12 | 000,409,264 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2006/11/20 14:15:14 | 000,446,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2006/11/10 16:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2006/11/09 12:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - 
[2006/11/06 19:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe PRC - [2006/11/06 11:05:32 | 000,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2006/11/06 11:02:18 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2006/11/02 03:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006/10/27 15:50:52 | 000,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2006/10/27 15:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (SafeList) ========== MOD - [2010/02/24 17:08:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL.exe MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb7 2f96088b0de0\comctl32.dll MOD - [2008/09/22 17:44:18 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\temp\logishrd\LVPrcInj01.dll ========== Win32 Services (SafeList) ========== SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/11/09 23:22:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223) SRV - [2009/10/24 22:26:22 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV - [2009/10/24 22:26:21 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw) SRV - [2009/10/24 22:26:21 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2009/10/24 22:26:20 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/09/21 17:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/09/08 21:21:44 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2009/07/09 13:22:18 | 000,144,712 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/04/07 01:42:56 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/03/04 00:57:50 | 000,292,440 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\4295\SAService.exe -- (SiteAdvisor Service) SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/09/22 17:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/09/22 17:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008/02/13 16:13:44 | 000,126,976 | ---- | M] (Capital Intellect Inc) [Auto | Running] -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe -- (Winferno Subscription Service) SRV - [2008/01/19 01:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 01:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/19 01:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/05/25 11:41:54 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddse rv.exe -- (lxddCATSCustConnectService) SRV - [2007/05/25 11:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- 
C:\Windows\System32\lxddcoms.exe -- (lxdd_device) SRV - [2006/11/22 19:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2006/11/02 06:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Standard Registry (SafeList) ========== |
#39
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={BB0B8D5A-9DA8-9290-4A54-5A5DF898B8A9}&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/20 20:01:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 14:09:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 14:08:57 | 000,000,000 | ---D | M] [2009/02/28 03:14:00 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Extensions [2010/02/23 18:57:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions [2010/02/18 01:29:18 
| 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/09/26 17:09:51 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2010/01/25 15:00:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/09/26 17:09:57 | 000,005,407 | ---- | M] () -- C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Pro files\9qgvkg5s.default\searchplugins\fast-browser-search.xml [2010/02/10 14:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/01/30 14:08:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInsta nce.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe () O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3 .dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Donna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Donna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/08/21 02:39:48 | 000,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell - "" = AutoRun O33 - MountPoints2\{9ec29134-0536-11df-b3a7-0016d48b42c5}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2009/05/25 23:25:52 | 002,320,432 | R--- | M] (Macrovision Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009/02/26 22:55:04 | 000,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: 
WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices OTL cannot create restorepoints on Vista OSs! 
========== Files/Folders - Created Within 14 Days ========== [2010/02/24 17:06:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe [2009/03/01 03:38:28 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll [2009/03/01 03:38:28 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll [2009/03/01 03:38:28 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll [2009/03/01 03:38:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll [2009/03/01 03:38:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll [2009/03/01 03:38:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll [2009/03/01 03:38:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll [2009/03/01 03:38:28 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll [2009/03/01 03:38:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll [2009/03/01 03:38:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll [2009/03/01 03:38:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll [2009/03/01 03:38:27 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/02/24 17:21:42 | 003,145,728 | -HS- | M] () -- C:\Users\Donna\ntuser.dat [2010/02/24 17:08:07 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe [2010/02/24 16:28:06 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/02/24 16:28:06 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/02/24 16:17:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/02/24 16:16:43 | 000,067,584 | --S- | M] 
() -- C:\Windows\bootstat.dat [2010/02/22 16:29:13 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job [2010/02/22 16:28:49 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job [2010/02/22 16:28:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/02/22 16:28:40 | 2673,991,680 | -HS- | M] () -- C:\hiberfil.sys [2010/02/22 16:27:30 | 000,524,288 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms [2010/02/22 16:27:30 | 000,065,536 | -HS- | M] () -- C:\Users\Donna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/02/15 17:42:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2010/02/11 22:25:46 | 003,726,554 | -H-- | M] () -- C:\Users\Donna\AppData\Local\IconCache.db [2010/02/11 16:30:06 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/11 16:30:06 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/11 16:30:06 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] |
#40
========== Files Created - No Company Name ==========
[2009/08/05 20:53:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/13 11:38:41 | 000,000,538 | ---- | C] () -- C:\Users\Donna\AppData\Roaming\wklnhst.dat
[2009/03/11 16:32:41 | 000,000,159 | ---- | C] () -- C:\ProgramData\lxdd
[2009/03/01 03:39:02 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2009/03/01 03:38:28 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2009/03/01 03:38:28 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2009/03/01 03:02:50 | 000,068,960 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/27 22:50:49 | 000,000,680 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/02/26 21:04:01 | 000,070,656 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 17:43:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/03/28 16:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/01/23 21:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 19:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/30 19:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/11/30 19:07:04 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regtrans-ms
[2006/11/30 19:07:04 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ef9-80d7-11db-a907-0016d42ca96e}.TM.blf
[2006/11/30 19:07:03 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TMContainer00000000000000000002.regtrans-ms
[2006/11/30 19:07:03 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2006/11/30 19:07:03 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{5dd96ee9-80d7-11db-a907-0016d42ca96e}.TM.blf
[2006/11/30 19:07:03 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2006/11/30 19:07:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2006/11/30 18:52:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/11/30 18:52:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/11/30 18:52:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/11/30 18:52:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/11/30 18:52:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/11/30 18:52:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/11/30 18:26:12 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/11/30 18:26:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/11/30 18:26:12 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/11/30 18:26:12 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/24 09:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/06 13:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 11:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 11:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 19:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/10/06 19:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/08/10 17:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/05/18 04:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========
[2010/01/22 13:05:19 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/28 04:04:42 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GARMIN
[2009/04/27 03:37:13 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\GoodSync
[2009/06/15 21:27:32 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\InterVideo
[2009/03/01 03:50:31 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Lexmark Productivity Studio
[2009/03/25 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\licenses
[2009/03/25 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\PCMM2009
[2010/02/06 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Smith Micro
[2009/03/13 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Template
[2010/02/22 16:29:13 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2010/02/22 16:27:36 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/22 16:28:49 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\WSSHelper.job

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< End of report >
#41
OTL Extras logfile created on: 2/24/2010 5:08:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Donna\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 38.07 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONNA-PC
Current User Name: Donna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)

========== Vista Active Open Ports Exception List ==========
#42
Looks good.
How is it running?
#43
Runs like I have dial-up service. It hasn't been going blank, but the ability to view videos is still nilch and it just has weird quirks that come and go. (Will suddenly go to the bottom of the page without prompting is the newest one.) Have any thoughts as to why it would take 5-10 mins of buffering to view a 2 min video?
#44
What is your internet speed usually?
#45
How do I find that?