JCE

Members
  • Posts

    11
Tech Info

  • Experience
    some_experience
  • System: windows_xp_home


  1. Starbuck, I can't thank you enough for all your help with this. Computer running fine now. Donation made. Keep up the good work!
  2. Hi Starbuck, All done. I ran MBAM again just to be sure and it found another threat so I deleted that along with the quarantined stuff. I then ran the OTL clean up and created a new restore point. I read most of the "how did I get infected" stuff and that really opened my eyes, I had no idea we were under attack from every direction! To that end I have installed Avast antivirus. But couldn't get on installing any of the firewalls recommended, so I installed Comodo which seems to be highly recommended by most sites in the know. Is Comodo ok in your opinion? Just one thing though - after I installed Avast I got a blue screen saying my computer was at risk or some such. I had to turn it off and on again, but it has been ok since. I guess I'm fully protected now, but will run MBAM and ESET once a week to be sure....is that a good idea? Lastly, may I ask you what the best/fastest browser is in your opinion please? Best regards.
  3. Hi Starbuck, Apologies for the delay, been up to my ears in work. Glad I could help you for a change in some small way! I've now re-run ESET and removed the infections. Guess we're done now? PC is running superbly, thank you. Now to get my laptop running smoothly........;)
  4. Hi Starbuck, Hope you had a good weekend, I've been away but now have the ESET scan report you requested:
     C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
     C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
     C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application
     C:\WINDOWS\Motive\btbb\UninstallHelper.exe probably a variant of Win32/Adware.Agent.KNNVUII application
     C:\_OTL\MovedFiles\06222012_175927\C_Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
     The system is running like lightning now, best it has ever been....nice to be able to make the most of my high speed broadband connection! Thanks again. Presumably I need to remove the threats that ESET found?
  5. Oops! Here's the "FIX" report.......... I dare say you will have at least £1 for all this wonderful help! Thanks.
  6. Hi Starbuck, OK, I've now run the OTL fix report with the code you posted and here are the results:
() -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/21 10:40:12 | 100,611,477 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/06/20 13:46:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr [2012/06/20 12:57:05 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\John\Desktop\unhide.exe [2012/06/19 17:31:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/19 16:40:58 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn [2012/06/19 13:47:06 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\John\My Documents\test123.rtf [2012/06/19 13:12:16 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Shortcut to My Documents.lnk [2012/06/19 12:49:50 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Document.rtf [2012/06/19 10:13:27 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/15 19:29:56 | 000,473,392 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/15 19:29:56 | 000,084,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/15 19:22:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/06/15 18:28:58 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YourFile Downloader.lnk [2012/06/15 17:54:03 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/06/15 17:12:57 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf [2012/06/14 17:08:19 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012/06/14 16:19:03 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [2012/06/11 14:20:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1875872634-156128194-2879020886-1011.job [2012/06/07 18:07:16 | 001,146,774 | ---- 
| M] () -- C:\Documents and Settings\John\Desktop\TR1.pdf [2012/06/07 18:07:06 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;07;06PM.PDF [2012/06/07 18:06:33 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\Desktop\TR2.pdf [2012/06/07 18:06:15 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;06;15PM.PDF [2012/06/07 18:04:54 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\TR2.pdf [2012/06/07 17:48:08 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;48;08PM.PDF [2012/06/07 17:47:01 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;47;00PM.PDF [2012/06/07 17:46:10 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\TR1.pdf [2012/06/07 17:45:30 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;45;30PM.PDF [2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll [2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl [2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll [2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll [2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll [2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2012/06/02 15:19:24 
| 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll [2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2012/05/31 18:28:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/05/31 18:28:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/05/31 17:38:20 | 000,005,560 | ---- | M] () -- C:\Documents and Settings\John\Desktop\MAY12.rtf [2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32(2)(2).dll [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/21 18:03:28 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Kims CV.rtf [2012/06/21 18:00:36 | 000,013,270 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Kim CV.rtf [2012/06/21 12:57:48 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\dt.dat [2012/06/19 17:31:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/19 13:47:06 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\John\My Documents\test123.rtf [2012/06/19 13:11:01 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Shortcut to My Documents.lnk 
[2012/06/19 12:49:50 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Document.rtf [2012/06/15 18:28:58 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YourFile Downloader.lnk [2012/06/15 18:28:50 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\Your File Updater.job [2012/06/15 17:54:03 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/06/14 17:08:19 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn [2012/06/14 17:08:19 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012/06/14 16:19:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [2012/06/12 14:09:01 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1875872634-156128194-2879020886-1006.job [2012/06/08 15:58:51 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\John\My Documents\lp.lnk [2012/06/07 18:07:16 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\Desktop\TR1.pdf [2012/06/07 18:07:06 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;07;06PM.PDF [2012/06/07 18:06:33 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\Desktop\TR2.pdf [2012/06/07 18:06:15 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;06;15PM.PDF [2012/06/07 18:04:54 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\TR2.pdf [2012/06/07 17:48:08 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;48;08PM.PDF [2012/06/07 17:47:00 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;47;00PM.PDF [2012/06/07 17:46:10 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\TR1.pdf [2012/06/07 17:45:30 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;45;30PM.PDF [2012/05/31 18:28:01 | 000,000,742 | ---- | 
C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/05/31 18:28:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/05/31 18:28:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/05/30 18:49:14 | 000,005,560 | ---- | C] () -- C:\Documents and Settings\John\Desktop\MAY12.rtf [2012/03/26 14:35:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/11/15 13:58:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010/11/15 13:58:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010/11/15 13:58:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John\Application Data\$_hpcst$.hpc ========== Custom Scans ========== < :Otl > < DRV - (WDICA) -- File not found > < DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found > < DRV - (PDRFRAME) -- File not found > < DRV - (PDRELI) -- File not found > < DRV - (PDFRAME) -- File not found > < DRV - (PDCOMP) -- File not found > < DRV - (PCIDump) -- File not found > < DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found > < DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found > < DRV - (lbrtfdc) -- File not found > < DRV - (Changer) -- File not found > < IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) > < IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found > < O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
> < O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) > < O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) > < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. > < O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found > < O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found > < O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found > < O4 - HKCU..\Run: [eyeBeam SIP Client] File not found > < O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found > < O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found > < O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) > Invalid Switch: C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) < @Alternate Data Stream - 874 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB5119F > < @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 > < @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 > < @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 > < > < :Files > < ipconfig /flushdns /c > Windows IP Configuration Could not flush the DNS Resolver Cache: Function failed during execution. 
< > < :commands > < [emptytemp] > < [purity] > < [RESETHOSTS]•Return to OTL, > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\John\My Documents\fbchathistory.dat:�SummaryInformation @Alternate Data Stream - 874 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB5119F @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 < End of report > ----------------------------------------------------------- I don't know if it is of any significance but my computer did not reboot automatically after the OTL report completed, I did it manually. I've also done the Java reinstall successfully. I'm going to have the best-running computer in the world at this rate! Thankyou so much once again.
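What the helper is doing with an OTL report like the one above is not reading every line: it is picking out the registrations whose target no longer exists (`File not found`, `No CLSID value found`), the paths and hooks that belong to the adware families ESET and MBAM named, the new `.job` files under `C:\WINDOWS\tasks`, and the alternate data streams that are not the usual `Zone.Identifier`. The Python below is an added example that automates that first pass; it is not part of this thread and not OTL's own code. The sample lines are copied in the shape OTL prints them in the logs above (plus one made-up `Zone.Identifier` stream as a benign control), and the PUP name list is an assumption made for the example, not anything OTL ships.

```python
"""Triage helper for OTL (OldTimer's OTL.exe) report lines.

Added example: this is not part of the forum thread and not OTL's own code.
It parses the line shapes seen in the logs above (file/folder entries, O2/O4
hooks, DRV entries and @Alternate Data Stream lines) and flags what a
malware-removal helper looks at first. The PUP name list is an assumption
made for this example, not something OTL ships.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# OTL file/folder entry: [date time | size | attrs | C or M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\] "
    r"(?:\((.*?)\) )?-- (.+)$"
)
# @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# Assumed watch list for this example: adware/PUP families named by the ESET
# and MBAM results in this thread. A real triage would use a maintained list.
PUP_NAMES = ("yontoo", "netassistant", "freeze.com", "mywaysa",
             "yourfiledownloader", "paretologic")
# Streams that are normal on NTFS and not worth a second look.
BENIGN_STREAMS = ("zone.identifier", "summaryinformation")

# Constructed sample input: lines copied in the shape OTL prints them in the
# logs above, plus one made-up Zone.Identifier stream as a benign control.
SAMPLE_LOG = r"""
[2012/06/15 17:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2012/06/14 14:40:32 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/15 18:28:50 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\Your File Updater.job
[2006/06/22 14:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
@Alternate Data Stream - 874 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB5119F
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\John\Desktop\OTL.scr:Zone.Identifier
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
"""


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str            # four flags, e.g. ---D (directory), -HSD (hidden+system dir)
    kind: str             # 'C' = created, 'M' = modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file/folder line; None if the line is a different kind."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return FileEntry(ts, int(size.replace(",", "")), attrs, kind, company or None, path)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, line) pairs for the lines worth a human's attention."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Hook, driver or service registration whose target no longer exists:
        # harmless on its own, but it is what a leftover install looks like.
        if "file not found" in low or "no clsid value found" in low:
            findings.append(("orphaned-registration", line))
            continue
        ads = ADS_RE.match(line)
        if ads:
            stream = ads.group(3)
            if stream.lower() not in BENIGN_STREAMS:
                findings.append(("alternate-data-stream", line))
            continue
        entry = parse_file_entry(line)
        if entry is not None:
            if any(name in low for name in PUP_NAMES):
                findings.append(("pup-path", line))
            elif entry.kind == "C" and entry.path.lower().startswith("c:\\windows\\tasks\\"):
                # A new .job file is a persistence mechanism; ask where it came from.
                findings.append(("new-scheduled-task", line))
            elif not entry.is_dir and entry.company is None and "\\program files\\" in entry.path.lower():
                findings.append(("unattributed-program-file", line))
            continue
        # Remaining line kinds (O2 BHO, O4 Run, IE hooks, ...): name match only.
        if any(name in low for name in PUP_NAMES):
            findings.append(("pup-hook", line))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:26} {line}")
```

On the sample above the script flags seven of the ten lines and leaves the Microsoft-signed `jsdbgui.dll`, the `Zone.Identifier` stream and the AVG tray entry alone. The orphaned-registration category is deliberately broad: the `dumprep` and `jusched.exe` Run keys in the log are stale but not malicious, so it is a list to review, not a list to delete. Scheduled `.job` files are flagged only when OTL reports them as created, since that is the persistence point an adware installer leaves behind.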
  7. Hi again Starbuck, Thankyou thankyou thankyou!!.......I ran the Scandisk utility (I would never have found that!).....and guess what? My files and folders are back in My Documents!! Therefore the rest of this reply may be irrelevant, but I am including the reports in case there is something of relevance/interest..... Yes I read that comment about Diskinternals too.....and that was exactly what seemed to have happened to me. Yes I did the "show hidden folders" procedure exactly as you say. Oops yes, it seems I didn't remove the lines that MBAM detected! I have now done that. Please note that I did update MBAM but it was a different version to the latest one you indicated. Here are the reports you requested me to submit: MBAM report: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.21.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 John :: D7B74Y1J [administrator] Protection: Disabled 21/06/2012 13:02:36 mbam-log-2012-06-21 (13-02-36).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 339227 Time elapsed: 1 hour(s), 4 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 2 C:\Program Files\MyWaySA (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWaySA\SrchAsDe (PUP.MyWebSearch) -> Quarantined and deleted successfully. 
Files Detected: 3 C:\Documents and Settings\John\Desktop\freeopener.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully. C:\Documents and Settings\John\Desktop\freeopener_715.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1796\A0165977.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. (end) -------------------------------------------------------------------------- New OTL report: OTL logfile created on: 21/06/2012 14:32:06 - Run 2 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\John\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.07 Mb Total Physical Memory | 513.43 Mb Available Physical Memory | 50.23% Memory free 2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.96% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.95 Gb Total Space | 104.25 Gb Free Space | 71.43% Space Free | Partition Type: NTFS Computer Name: D7B74Y1J | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\John\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\YourFileDownloader\YourFileUpdater.exe (http://yourfiledownloader.com) PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.) PRC - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Lexmark 1200 Series\ConvDIB.dll () MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.) 
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {3E39BC95-F5DF-4D87-8429-CC077D50EC71} IE - HKCU\..\SearchScopes\{3E39BC95-F5DF-4D87-8429-CC077D50EC71}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta= IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=bc5fd840-cfed-49ac-9a95-d064978ac4e7&query={searchTerms} IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/28 00:06:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/15 17:54:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/15 17:53:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 18:27:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 15:57:45 | 000,000,000 | ---D | M] [2011/06/12 15:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions [2009/07/16 18:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application 
Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2012/06/19 11:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ygpjs4z.default\extensions [2012/06/15 17:38:33 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ygpjs4z.default\extensions\plugin@yontoo.com [2012/05/31 18:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2006/06/22 14:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG 
Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) 
O4 - HKCU..\Run: [eyeBeam SIP Client] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O16 - DPF: {0A89E06C-0BE4-4D92-80FD-9F1009A4F3E1} http://www.the-saleroom.com/LiveAuctions/ActiveX/SaleRoomBidder.cab (Sale Room Bidder)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-c089f59c7b1c157f.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A44CE98-3D02-4811-A005-DC2770058E21}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 11:04:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/20 13:46:10 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
[2012/06/20 12:57:04 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\John\Desktop\unhide.exe
[2012/06/19 17:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2012/06/19 17:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/19 17:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/19 17:31:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/19 17:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/19 13:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\MY DOCS
[2012/06/19 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\testing
[2012/06/19 10:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\test
[2012/06/15 18:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2012/06/15 18:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\YourFileDownloader
[2012/06/15 17:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AVG2012
[2012/06/15 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/06/15 17:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/06/15 17:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2012/06/15 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\CSA
[2012/06/15 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\OfficeRecovery
[2012/06/15 15:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Apps
[2012/06/14 16:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/06/14 15:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\New Folder (3)
[2012/06/14 15:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\New Folder (2)
[2012/06/14 14:40:32 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/08 15:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\hhh
[2012/06/08 15:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\New Folder
[2012/06/06 17:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Royal Mail
[2012/05/31 18:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/31 18:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/22 18:00:37 | 000,000,000 | ---D | C] -- C:\ad303a4e208a87a99824891da506
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 14:27:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 14:27:22 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1875872634-156128194-2879020886-1006.job
[2012/06/21 14:27:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1875872634-156128194-2879020886-1006.job
[2012/06/21 14:26:49 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 14:26:48 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1875872634-156128194-2879020886-1010.job
[2012/06/21 14:26:47 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/06/21 14:26:47 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1875872634-156128194-2879020886-1011.job
[2012/06/21 14:26:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 13:40:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 12:57:48 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\dt.dat
[2012/06/21 12:51:44 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/21 10:40:12 | 100,611,477 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/20 13:46:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
[2012/06/20 12:57:05 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\John\Desktop\unhide.exe
[2012/06/19 18:04:48 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/06/19 17:31:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/19 16:40:58 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/06/19 13:47:06 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\John\My Documents\test123.rtf
[2012/06/19 13:44:24 | 000,029,530 | ---- | M] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2012/06/19 13:12:16 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Shortcut to My Documents.lnk
[2012/06/19 12:49:50 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Document.rtf
[2012/06/19 10:13:27 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/15 19:29:56 | 000,473,392 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/15 19:29:56 | 000,084,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/15 19:22:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/15 18:28:58 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YourFile Downloader.lnk
[2012/06/15 17:54:03 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/06/15 17:12:57 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/06/14 17:08:19 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/06/14 16:19:03 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/06/11 14:20:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1875872634-156128194-2879020886-1011.job
[2012/06/07 18:07:16 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\Desktop\TR1.pdf
[2012/06/07 18:07:06 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;07;06PM.PDF
[2012/06/07 18:06:33 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\Desktop\TR2.pdf
[2012/06/07 18:06:15 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;06;15PM.PDF
[2012/06/07 18:04:54 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\TR2.pdf
[2012/06/07 17:48:08 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;48;08PM.PDF
[2012/06/07 17:47:01 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;47;00PM.PDF
[2012/06/07 17:46:10 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\TR1.pdf
[2012/06/07 17:45:30 | 001,146,774 | ---- | M] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;45;30PM.PDF
[2012/05/31 18:28:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/31 18:28:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/31 17:38:20 | 000,005,560 | ---- | M] () -- C:\Documents and Settings\John\Desktop\MAY12.rtf
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32(2)(2).dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 12:57:48 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\dt.dat
[2012/06/19 17:31:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/19 13:47:06 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\John\My Documents\test123.rtf
[2012/06/19 13:11:01 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Shortcut to My Documents.lnk
[2012/06/19 12:49:50 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Document.rtf
[2012/06/15 18:28:58 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YourFile Downloader.lnk
[2012/06/15 18:28:50 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/06/15 17:54:03 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/06/14 17:08:19 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/06/14 17:08:19 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/06/14 16:19:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/06/12 14:09:01 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1875872634-156128194-2879020886-1006.job
[2012/06/08 15:58:51 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\John\My Documents\lp.lnk
[2012/06/07 18:07:16 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\Desktop\TR1.pdf
[2012/06/07 18:07:06 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;07;06PM.PDF
[2012/06/07 18:06:33 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\Desktop\TR2.pdf
[2012/06/07 18:06:15 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 06;06;15PM.PDF
[2012/06/07 18:04:54 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\TR2.pdf
[2012/06/07 17:48:08 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;48;08PM.PDF
[2012/06/07 17:47:00 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;47;00PM.PDF
[2012/06/07 17:46:10 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\TR1.pdf
[2012/06/07 17:45:30 | 001,146,774 | ---- | C] () -- C:\Documents and Settings\John\My Documents\06-07-2012 05;45;30PM.PDF
[2012/05/31 18:28:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/31 18:28:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/31 18:28:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/30 18:49:14 | 000,005,560 | ---- | C] () -- C:\Documents and Settings\John\Desktop\MAY12.rtf
[2012/03/26 14:35:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/15 13:58:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/11/15 13:58:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/11/15 13:58:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John\Application Data\$_hpcst$.hpc

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\John\My Documents\fbchathistory.dat:♣SummaryInformation
@Alternate Data Stream - 874 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB5119F
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03

< End of report >

--------------------------------------------------------------------------------------

New Extras report:

OTL Extras logfile created on: 21/06/2012 14:32:06 - Run 2
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 513.43 Mb Available Physical Memory | 50.23% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 104.25 Gb Free Space | 71.43% Space Free | Partition Type: NTFS

Computer Name: D7B74Y1J | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1 -- ()
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader -- (http://yourfiledownloader.com)
"C:\Program Files\YourFileDownloader\YourFile.exe" = C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader -- (http://yourfiledownloader.com)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"9397EA7527D5597E900F76DDCF42A1DEDCBDC288" = Windows Driver Package - Dekart (DEKART38) SmartCardReader (11/21/2007 1.0.5.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"BT Home Hub" = BT Home Hub
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lexmark 1200 Series" = Lexmark 1200 Series
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 CD Converter Professional" = MP3 CD Converter Professional 5.03
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Recover Files_is1" = Recover Files 3.27
"Serif WebPlus 6.0" = Serif WebPlus 6.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Trusted Software Assistant_is1" = File Type Assistant
"ViewpointMediaPlayer" = Viewpoint Media Player
"William Hill Poker" = William Hill Poker
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant" = Freeze.com NetAssistant
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/06/2012 13:11:14 | Computer Name = D7B74Y1J | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/06/2012 10:31:11 | Computer Name = D7B74Y1J | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/06/2012 14:18:13 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 14674, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 15/06/2012 14:18:13 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 15/06/2012 14:18:15 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 14674, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 15/06/2012 14:18:15 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 15/06/2012 14:18:17 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 14674, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 19/06/2012 05:36:26 | Computer Name = D7B74Y1J | Source = Application Error | ID = 1000
Description = Faulting application ati2evxx.exe, version 6.14.10.4118, faulting module ati2evxx.exe, version 6.14.10.4118, fault address 0x00028c2b.

Error - 19/06/2012 05:37:31 | Computer Name = D7B74Y1J | Source = Application Error | ID = 1004
Description = Faulting application ati2evxx.exe, version 6.14.10.4118, faulting module ati2evxx.exe, version 6.14.10.4118, fault address 0x00028c2b.

Error - 19/06/2012 07:23:52 | Computer Name = D7B74Y1J | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 19/06/2012 05:14:35 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/06/2012 05:14:45 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31

Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31

Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed to start because of the following error: %%1068

Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 19/06/2012 05:15:22 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 19/06/2012 05:16:07 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/06/2012 11:47:23 | Computer Name = D7B74Y1J | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

< End of report >

-----------------------------------------------------------------------

Thanks again Starbuck.....is there anything else I need to do?
  8. Hi Starbuck, Many thanks for your help on this. I have now done all the scans and here is the information you requested:
Unhide.txt:
OTL.txt:
C:\INFCACHE.1 [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\IO.SYS [2005/11/14 20:59:12 | 000,000,897 | ---- | M] () -- C:\IPH.PH [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/11/09 17:29:17 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/06/20 13:39:56 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2005/10/31 16:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/01/19 05:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LXCZPP5C.DLL < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: 
"C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet 
Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 874 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB5119F @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03 < End of report > Extras.txt OTL Extras logfile created on: 20/06/2012 13:48:14 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\John\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.07 Mb Total Physical Memory | 603.10 Mb Available Physical Memory | 59.01% Memory free 2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.48% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.95 Gb Total Space | 104.32 Gb Free Space | 71.48% Space Free | Partition Type: NTFS Computer Name: D7B74Y1J | User Name: John | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 -- () "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) 
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader -- (http://yourfiledownloader.com) "C:\Program Files\YourFileDownloader\YourFile.exe" = C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader -- (http://yourfiledownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 26 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java 
Auto Updater "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon "{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1 "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6 "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012 "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "9397EA7527D5597E900F76DDCF42A1DEDCBDC288" = Windows Driver Package - Dekart (DEKART38) SmartCardReader (11/21/2007 1.0.5.9) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2012 "BT Home Hub" = BT Home Hub "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Lexmark 1200 Series" = Lexmark 1200 Series "LimeWire" = LimeWire 4.16.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP3 CD Converter Professional" = MP3 CD Converter Professional 
5.03 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PROSet" = Intel® PRO Network Connections Drivers "QuickTime" = QuickTime "RealPlayer 12.0" = RealPlayer "Recover Files_is1" = Recover Files 3.27 "Serif WebPlus 6.0" = Serif WebPlus 6.0 "StreetPlugin" = Learn2 Player (Uninstall Only) "Trusted Software Assistant_is1" = File Type Assistant "ViewpointMediaPlayer" = Viewpoint Media Player "William Hill Poker" = William Hill Poker "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NetAssistant" = Freeze.com NetAssistant "YourFileDownloader" = YourFileDownloader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04/06/2012 13:11:14 | Computer Name = D7B74Y1J | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 13/06/2012 10:31:11 | Computer Name = D7B74Y1J | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 15/06/2012 14:18:13 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. 
The bogus string is 14674, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 15/06/2012 14:18:13 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section. Error - 15/06/2012 14:18:15 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 14674, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 15/06/2012 14:18:15 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The Error code is the first DWORD in Data section. Error - 15/06/2012 14:18:17 | Computer Name = D7B74Y1J | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 14674, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 19/06/2012 05:36:26 | Computer Name = D7B74Y1J | Source = Application Error | ID = 1000 Description = Faulting application ati2evxx.exe, version 6.14.10.4118, faulting module ati2evxx.exe, version 6.14.10.4118, fault address 0x00028c2b. Error - 19/06/2012 05:37:31 | Computer Name = D7B74Y1J | Source = Application Error | ID = 1004 Description = Faulting application ati2evxx.exe, version 6.14.10.4118, faulting module ati2evxx.exe, version 6.14.10.4118, fault address 0x00028c2b. 
Error - 19/06/2012 07:23:52 | Computer Name = D7B74Y1J | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 19/06/2012 05:14:35 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 19/06/2012 05:14:45 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001 Description = The Fax service depends on the Print Spooler service which failed to start because of the following error: %%1068 Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 19/06/2012 05:14:57 | Computer Name = D7B74Y1J | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 19/06/2012 05:15:22 | Computer 
Name = D7B74Y1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 19/06/2012 05:16:07 | Computer Name = D7B74Y1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 19/06/2012 11:47:23 | Computer Name = D7B74Y1J | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. < End of report > ------------------------------------------------------------------------------------------------- Please also note that whilst running the scans, both Unhide and OTL threw up a balloon saying "Corrupt file - The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility". I don't know if this is of any significance? Oh, and there is still no sign of my missing files and folders in My Documents! Thanks again for your help on this.
  9. Hi Ken....and thanks for your help. I have done what you advised and Malwarebytes produced the following log:

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John :: D7B74Y1J [administrator]

Protection: Enabled

19/06/2012 17:33:46
mbam-log-2012-06-19 (18-04-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244035
Time elapsed: 20 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343CE214-9998-4B21-A151-FFE970167297} (Rogue.Installer) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62} (Adware.180Solutions) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 2
C:\Program Files\MyWaySA (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (PUP.MyWebSearch) -> No action taken.

Files Detected: 2
C:\Documents and Settings\John\Desktop\freeopener.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Documents and Settings\John\Desktop\freeopener_715.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)

Looks to be a few nasty things in there! Please note, I have also now uninstalled the strange "Diskinternals Uneraser" but the problem with "My Documents" still persists. I'm very grateful for any advice. Thanks again.
  10. Hello all. I wonder if anyone could help me please.......all the files/folders in "My Documents" have disappeared (PDFs are still there). Also, anything new that I save to "My Documents" is not appearing there either. I've done the "show hidden folders" thing, system restore etc. Also downloaded numerous "recover deleted files" programmes and they haven't found them. Nor does "search" find them. Now, I seem to have a programme called "Diskinternals Uneraser" installed on my computer though not sure where that came from! It shows on the menu when I right click on "My Documents". Thought I'd run that and see what happened. It found all the stuff that used to be in "My Documents", but of course, when I went to "recover" the stuff it takes me to a payment page. I presume that "Diskinternals Uneraser" is some sort of scam that has found its way onto my computer? Anyway, all the files and folders are obviously still on my computer somewhere, but where I know not. I have found a few in "My recent documents" but there are still many missing. Could anybody shed any light on this please?