OTL logfile created on: 28/12/2011 19:14:42 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Alicja\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 624.89 Mb Available Physical Memory | 61.61% Memory free
2.38 Gb Paging File | 2.07 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 74.76 Gb Free Space | 66.88% Space Free | Partition Type: NTFS
Drive E: | 239.98 Mb Total Space | 66.28 Mb Free Space | 27.62% Space Free | Partition Type: FAT32

Computer Name: YOUR-88457C3610 | User Name: Alicja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 19:32:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alicja\Desktop\OTL(3).exe
PRC - [2011/12/28 18:36:23 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\rpcnetp.exe
PRC - [2010/12/31 20:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/12/31 20:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/07 10:09:46 | 002,561,320 | ---- | M] (RayV) -- C:\Program Files\RayV\RayV\RayV.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/26 17:01:05 | 000,042,288 | ---- | M] () -- C:\Program Files\Offline Course Player\OlpSynch.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/06 10:34:38 | 000,271,672 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2008/02/06 10:34:32 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/02/01 15:40:14 | 000,077,824 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Controls\VolumeIndicator.exe
PRC - [2008/01/22 10:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/18 13:17:38 | 000,558,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008/01/04 15:10:52 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/25 16:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/09/28 15:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/05/11 09:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 10:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/02/12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe
PRC - [2006/05/19 11:13:00 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/03/16 12:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/04/11 10:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/28 18:36:59 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\rpcnetp.dll
MOD - [2011/12/28 18:36:23 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\rpcnetp.exe
MOD - [2011/12/28 08:52:53 | 001,657,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11122800\algo.dll
MOD - [2011/12/19 23:49:56 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11122800\aswRep.dll
MOD - [2010/12/31 20:06:30 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2010/06/07 10:09:44 | 000,294,912 | ---- | M] () -- C:\Program Files\RayV\RayV\libsctp.dll
MOD - [2010/06/07 10:09:42 | 001,418,752 | ---- | M] () -- C:\Program Files\RayV\RayV\avcodec-52.dll
MOD - [2010/06/07 10:09:42 | 000,074,752 | ---- | M] () -- C:\Program Files\RayV\RayV\avutil-50.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/26 17:01:05 | 000,042,288 | ---- | M] () -- C:\Program Files\Offline Course Player\OlpSynch.exe
MOD - [2008/04/14 00:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/22 10:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/01/15 08:02:17 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2007/12/18 12:47:16 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\TPeculiarity.dll
MOD - [2007/12/14 15:01:30 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\tsbwls.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/28 18:36:59 | 000,017,408 | ---- | M] () [Unknown | Running] -- C:\WINDOWS\System32\rpcnetp.dll -- (rpcnetp)
SRV - [2010/12/31 20:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/18 13:17:38 | 000,558,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/28 15:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2005/01/17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - [2010/12/31 20:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/12/31 19:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/12/31 19:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/12/31 19:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/12/31 19:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/12/31 19:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/03/04 08:12:06 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/02/01 12:18:56 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService)
DRV - [2008/01/11 21:58:10 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/12/28 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/12/26 09:20:18 | 000,288,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/06 14:25:36 | 000,101,888 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/01 15:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 15:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 15:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/04 09:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/07/16 17:23:20 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/29 09:01:50 | 000,006,912 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/26 11:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/19 11:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/12 15:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/06/10 20:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 13:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2003/01/29 13:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=adj&s={searchTerms}&f=4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-684183078-1241985659-201672470-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-684183078-1241985659-201672470-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=adj"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: widestream6@spointer.com:4.0.1938.5
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://start.facemoods.com/results.php?f=5&a=adj&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widestream6@spointer.com: C:\Program Files\Widestream6\spointer\extensions\widestream6@spointer.com [2011/05/16 19:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 20:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/07 20:08:03 | 000,000,000 | ---D | M]

[2011/01/15 23:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alicja\Application Data\Mozilla\Extensions
[2011/12/12 22:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alicja\Application Data\Mozilla\Firefox\Profiles\uchaiirl.default\extensions
[2011/08/11 21:40:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alicja\Application Data\Mozilla\Firefox\Profiles\uchaiirl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/16 19:56:14 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Alicja\Application Data\Mozilla\Firefox\Profiles\uchaiirl.default\extensions\ffxtlbr@Facemoods.com
[2011/12/12 22:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 12:41:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/16 19:56:46 | 000,000,000 | ---D | M] (Interest Recognizer for Widestream6) -- C:\PROGRAM FILES\WIDESTREAM6\SPOINTER\EXTENSIONS\WIDESTREAM6@SPOINTER.COM
[2011/10/07 20:07:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/07 20:07:56 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/07 20:07:56 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/03/31 11:19:50 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchAdj.xml
[2011/10/07 20:07:56 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/01/15 07:38:54 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Interest recogniser for Widestream6 (powered by Spointer)) - {1a6dc111-b030-4c3e-be65-299284128b91} - C:\Program Files\Widestream6\spointer\extensions\widestream6_air_ie.dll (Widestream6)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Controls Utility] C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-684183078-1241985659-201672470-1005..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKU\S-1-5-21-684183078-1241985659-201672470-1005..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKU\S-1-5-21-684183078-1241985659-201672470-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Alicja\Start Menu\Programs\Startup\PersonalBrain.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-684183078-1241985659-201672470-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35D879F2-04F1-4CD6-AEB7-07A15278756F}: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA1280x0800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA1280x0800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/02 15:44:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bdef93e4-421d-11dd-8834-001644b33810}\Shell - "" = AutoRun
O33 - MountPoints2\{bdef93e4-421d-11dd-8834-001644b33810}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bdef93e4-421d-11dd-8834-001644b33810}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bdef93e8-421d-11dd-8834-001644b33810}\Shell - "" = AutoRun
O33 - MountPoints2\{bdef93e8-421d-11dd-8834-001644b33810}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bdef93e8-421d-11dd-8834-001644b33810}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c04d3cec-0f25-11de-8967-001644b33810}\Shell - "" = AutoRun
O33 - MountPoints2\{c04d3cec-0f25-11de-8967-001644b33810}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c04d3cec-0f25-11de-8967-001644b33810}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f06de478-8520-11de-8a20-001644b33810}\Shell - "" = AutoRun
O33 - MountPoints2\{f06de478-8520-11de-8a20-001644b33810}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f06de478-8520-11de-8a20-001644b33810}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f06de47c-8520-11de-8a20-001644b33810}\Shell - "" = AutoRun
O33 - MountPoints2\{f06de47c-8520-11de-8a20-001644b33810}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f06de47c-8520-11de-8a20-001644b33810}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 19:13:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alicja\Desktop\OTL(3).exe
[2011/12/12 20:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alicja\Desktop\competency qs
[2011/12/11 00:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alicja\Desktop\new jobs
[2011/12/10 23:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alicja\Desktop\New Folder
[2011/11/29 07:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alicja\Desktop\cv 28.11
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Alicja\Desktop\*.tmp files -> C:\Documents and Settings\Alicja\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 19:32:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alicja\Desktop\OTL(3).exe
[2011/12/28 18:48:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 18:37:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 18:37:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 18:36:59 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/12/28 18:36:28 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 18:36:23 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/12/26 15:33:37 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2011/12/14 20:40:23 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 07:57:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/13 20:25:45 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\Alicja\Application Data\Microsoft\Internet Explorer\Quick Launch\2003606.jpg.url
[2011/12/10 17:03:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/07 20:02:06 | 000,130,990 | ---- | M] () -- C:\Documents and Settings\Alicja\Desktop\BeautyChannel111121.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Alicja\Desktop\*.tmp files -> C:\Documents and Settings\Alicja\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/27 22:41:55 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/12/27 22:41:19 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/12/13 20:25:45 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\Alicja\Application Data\Microsoft\Internet Explorer\Quick Launch\2003606.jpg.url
[2011/12/07 20:02:06 | 000,130,990 | ---- | C] () -- C:\Documents and Settings\Alicja\Desktop\BeautyChannel111121.pdf
[2011/11/26 17:38:20 | 000,361,472 | ---- | C] () -- C:\Documents and Settings\Alicja\Local Settings\Application Data\hopswa.exe
[2011/08/12 19:10:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/15 23:43:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/25 20:20:02 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Alicja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/28 18:01:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/04 15:46:19 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/06/04 15:46:18 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/06/04 15:46:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/06/04 15:46:17 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/04/02 17:05:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/02 16:59:13 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008/04/02 16:41:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/02 16:41:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/02 16:41:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/02 16:41:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/02 16:41:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/02 16:41:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/02 16:40:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/02 16:40:06 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/02 16:37:29 | 000,012,524 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2008/04/02 16:37:29 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2008/04/02 16:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008/04/02 16:26:45 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/04/02 16:26:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/04/02 16:26:45 | 000,009,484 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/04/02 16:26:45 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/04/02 15:59:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008/04/02 15:57:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/04/02 15:57:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2008/04/02 15:57:01 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/02 15:42:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/02 14:36:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/02 14:36:05 | 000,441,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/02 14:36:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/02 14:36:05 | 000,071,852 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/02 14:36:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/02 14:36:05 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/02 14:36:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/02 14:36:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/02 14:36:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/02 14:36:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/02 14:35:59 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2008/04/02 14:35:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/02 14:35:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/12/21 15:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/12/18 12:47:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007/12/14 15:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/06/04 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TMP
[2008/06/04 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/03/15 17:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\Blue Onion Software
[2010/03/26 21:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\EssentialPIM
[2011/05/17 18:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\facemoods.com
[2008/06/18 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\InterVideo
[2011/12/17 15:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\ipla
[2010/01/09 23:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\PersonalBrain
[2011/11/28 20:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\RayV
[2011/04/02 19:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\RDRM
[2008/06/04 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\TMP
[2008/06/04 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\toshiba
[2011/05/16 19:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alicja\Application Data\widestream
[2011/01/09 17:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/04 14:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla
[2011/06/04 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RDRM
[2008/06/04 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TMP
[2008/06/04 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2008/06/04 15:46:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\WindowsUpdate.log:SummaryInformation

< End of report >