Yockie Posted December 10, 2012

Hello, here are the three reports for my daughter's PC. MBAM said she has eight problems that need to be quarantined, and as this seemed quite a large number, she asked me to post the logs here. If someone can say whether the threats seem severe, or whether she can go on working with her PC as it is, that will be great.

Report 1:

OTL logfile created on: 10/12/2012 09:15:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 301.94 Mb Available Physical Memory | 29.74% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.92 Gb Free Space | 56.16% Space Free | Partition Type: NTFS

Computer Name: USER-9F4EEDCD71 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll ()
MOD - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()

========== Services (SafeList) ==========

SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (GSService) -- C:\WINDOWS\system32\GSService.exe ()
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MpKsl9fc67b59) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB44A5FA-83FA-4C03-9CA0-210A1FD1FDFD}\MpKsl9fc67b59.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DVDRIVER) -- C:\WINDOWS\system32\drivers\dvdriver.sys (Eagletron Inc.)
DRV - (mcaudrv_simple) -- C:\WINDOWS\system32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CD722DB4-2F19-4A6D-9DA7-B24CFB558347}
IE - HKCU\..\SearchScopes\{CD722DB4-2F19-4A6D-9DA7-B24CFB558347}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - homepage: http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=hp&babsrc=lnkry
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ChromeTheme.net = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihhcnlkciomldimadgimaoakoabelfmj\1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2003/06/20 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll (215 Apps)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56F62E6E-AD64-4317-810F-4A8B2210F841}: DhcpNameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A12AC7-DB10-495B-A8E2-93DB584B3D2B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/18 10:50:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{7e825bd7-ac98-11e0-aaf4-0012f05a9998}\Shell - "" = AutoRun
O33 - MountPoints2\{7e825bd7-ac98-11e0-aaf4-0012f05a9998}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e825bd7-ac98-11e0-aaf4-0012f05a9998}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 09:13:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/12/09 19:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2012/12/09 19:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/09 19:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/09 19:15:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/09 19:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/09 15:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Iteral_Group_Ltd
[2012/12/09 11:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2012/12/09 11:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/12/09 11:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/09 11:28:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/12/09 11:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/10 09:31:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{46CF5938-AECF-4F65-9729-FD6E2FC48E17}.job
[2012/12/10 09:21:04 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-1417001333-1003UA.job
[2012/12/10 09:13:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/12/10 09:07:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/10 08:37:51 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/10 08:37:35 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/10 08:29:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/10 08:27:47 | 000,000,265 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/12/10 08:27:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/09 21:44:04 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/09 19:15:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/09 15:23:04 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/09 15:22:21 | 000,473,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/09 15:22:21 | 000,076,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/09 11:28:23 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/12/09 11:21:18 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-1417001333-1003Core.job
[2012/11/30 20:26:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\google chrome.lnk
[2012/11/30 20:26:25 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/25 22:18:39 | 000,037,321 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Stage Standard US format.pdf
[2012/11/25 22:18:13 | 000,029,852 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Stage Acceptable UK format.pdf
[2012/11/14 20:23:18 | 000,195,742 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Hewett School OFSTED Report.PDF
[2012/11/13 20:53:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/13 20:53:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/09 19:15:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/09 11:28:23 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/11/25 22:18:39 | 000,037,321 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Stage Standard US format.pdf
[2012/11/25 22:18:13 | 000,029,852 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Stage Acceptable UK format.pdf
[2012/11/14 20:23:17 | 000,195,742 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Hewett School OFSTED Report.PDF
[2012/10/30 00:16:10 | 000,521,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/07 09:28:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2012/10/07 09:28:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2012/10/07 09:28:27 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2012/10/07 09:28:27 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2012/10/07 09:28:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2012/10/07 09:28:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2012/10/07 09:28:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2012/10/07 09:28:27 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2012/10/07 09:28:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2012/10/07 09:28:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2012/10/07 09:28:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2012/10/07 09:28:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2012/10/07 09:28:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2012/10/07 09:28:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2012/10/07 09:28:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2012/10/07 09:28:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2012/10/07 09:28:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2012/10/07 09:28:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2012/10/07 09:28:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2012/10/07 09:28:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2012/07/27 17:35:38 | 000,003,690 | ---- | C] () -- C:\Documents and Settings\User\.jmf-resource
[2012/02/15 08:43:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 22:16:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1120108_221604.dmp
[2011/12/22 13:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2011/12/03 17:12:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\1way.ini
[2011/11/12 17:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/10/01 20:36:41 | 000,450,048 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2011/09/28 08:48:51 | 000,069,435 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1110828_084851.dmp
[2011/09/10 12:35:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1110810_123553.dmp
[2011/09/09 21:54:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1110809_215442.dmp
[2011/09/01 22:19:19 | 000,000,550 | ---- | C] () -- C:\WINDOWS\VideoDownloader.INI
[2011/08/22 09:12:50 | 000,009,728 | ---- | C] () -- C:\Program Files\LiveZilla Prerequisites.msi
[2011/06/24 12:30:55 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 09:34:42 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/05/06 10:55:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/01/18 11:53:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/01/18 10:53:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/18 10:47:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/18 10:29:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/18 10:27:59 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/08/22 09:15:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/28 11:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/04/16 12:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2011/11/12 13:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/07/27 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/07/28 11:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/06/26 06:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tipard Studio
[2011/11/12 11:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/09/27 09:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AnvSoft
[2012/09/20 12:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity
[2011/09/01 08:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoft
[2012/10/29 10:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\eBookConverter
[2011/11/16 19:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Epson
[2011/09/25 14:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/12/04 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hunspell
[2011/09/04 14:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express
[2011/01/18 11:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Infineon
[2011/09/27 15:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InfraRecorder
[2012/09/11 22:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LG Electronics
[2012/04/14 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OOo-dev
[2012/08/25 10:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenCandy
[2012/07/03 18:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/01/16 19:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SkyMonk
[2012/09/18 21:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2012/09/11 22:52:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}

========== Purity Check ==========

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: HTS424040M9AT00
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 37.00GB
Starting Offset: 32256
Hidden sectors: 0

< %SYSTEMDRIVE%\*.* >
[2011/01/18 10:50:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/18 10:44:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/01/18 10:50:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/18 10:50:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/18 10:50:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 23:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/12/10 08:27:25 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp054.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2011/01/18 10:27:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/01/18 10:27:14 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/01/18 10:27:14 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >
[2007/04/25 06:46:54 | 000,009,728 | ---- | M] () -- C:\Program Files\LiveZilla Prerequisites.msi

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > Report 2: OTL Extras logfile created on: 10/12/2012 09:15:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1015.36 Mb Total Physical Memory | 301.94 Mb Available Physical Memory | 29.74% Memory free 2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.14% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.25 Gb Total Space | 20.92 Gb Free Space | 56.16% Space Free | Partition Type: NTFS Computer Name: USER-9F4EEDCD71 | User Name: User | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google) 
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and 
Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) "C:\Documents and Settings\User\Local Settings\Application Data\Pearson VUE\UKCAT Practice Tests\jre\bin\java.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Pearson VUE\UKCAT Practice Tests\jre\bin\java.exe:*:Enabled:Java Platform SE binary "C:\Program Files\RipTiger\RipTiger.exe" = C:\Program Files\RipTiger\RipTiger.exe:*:Enabled:RipTiger "C:\Program Files\RipTiger\HTTPDownloaderApp.exe" = C:\Program Files\RipTiger\HTTPDownloaderApp.exe:*:Enabled:RipTiger HTTP Downloader "C:\Program Files\RipTiger\RTMPDownloaderApp.exe" = C:\Program Files\RipTiger\RTMPDownloaderApp.exe:*:Enabled:RipTiger RTMP Downloader "C:\Program Files\RipTiger\MMSDownloaderApp.exe" = C:\Program Files\RipTiger\MMSDownloaderApp.exe:*:Enabled:RipTiger MMS/RTSP Downloader "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION) "C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe" = C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe:*:Enabled:C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe "C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe" = C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe:*:Enabled:C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "E:\dvdriver_cnet.exe" = E:\dvdriver_cnet.exe:*:Disabled:dvdriver application "E:\wc2k1_67\WebCam2000.exe" = E:\wc2k1_67\WebCam2000.exe:*:Disabled:WebCam2000 Image Server "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert "{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 1.7.8 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B3F6591E-D615-4123-87B1-49E7DEDD2F66}" = OOo-dev 3.3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C57001A6-4C3F-4ACE-95EC-A9BF8BF99254}" = Ultra Call Control "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "7-Zip" = 7-Zip 9.22beta "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player ActiveX" = Adobe 
Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 2.0.2 "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem "Coupon Companion" = Coupon Companion "DjVuLibre+DjView" = DjVuLibre+DjView "DU301 Concept Mapper" = DU301 Concept Mapper "EPSON Scanner" = EPSON Scan "EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall "EPSON SX218 Series Manual" = EPSON SX218 Series Manual "Graph_is1" = Graph 4.3 "HPOCR" = OCR Software by I.R.I.S 7.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers. "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NumericalSkills CD-ROM" = NumericalSkills CD-ROM "PDFePubRMRemoval" = PDF ePub DRM Removal "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "VLC media player" = VLC media player 1.1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinPcapInst" = WinPcap 4.1.2 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Adobe Connect Add-in" = Adobe Connect Add-in "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25/11/2012 14:55:33 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001 Description = Error - 28/11/2012 17:48:37 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001 Description = Error - 01/12/2012 12:53:15 | Computer Name = USER-9F4EEDCD71 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 03/12/2012 09:29:55 | Computer Name = USER-9F4EEDCD71 | Source = Windows Live Messenger | ID = 1000 Description = Error - 03/12/2012 10:29:08 | Computer Name = USER-9F4EEDCD71 | Source = Windows Live Messenger | ID = 1000 Description = Error - 04/12/2012 17:11:06 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001 Description = Error - 05/12/2012 14:57:56 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001 Description = Error - 05/12/2012 16:38:59 | Computer Name = USER-9F4EEDCD71 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 05/12/2012 16:39:09 | Computer Name = USER-9F4EEDCD71 | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. 
Error - 06/12/2012 06:28:10 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001 Description = [ System Events ] Error - 09/12/2012 05:22:44 | Computer Name = USER-9F4EEDCD71 | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.3 for the Network Card with network address 0012F05A9998 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 09/12/2012 05:23:33 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000 Description = The DVDRIVER service failed to start due to the following error: %%1058 Error - 09/12/2012 10:51:46 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000 Description = The DVDRIVER service failed to start due to the following error: %%1058 Error - 09/12/2012 10:56:25 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000 Description = The DVDRIVER service failed to start due to the following error: %%1058 Error - 09/12/2012 11:28:14 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000 Description = The DVDRIVER service failed to start due to the following error: %%1058 Error - 09/12/2012 17:44:39 | Computer Name = USER-9F4EEDCD71 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 
Error - 09/12/2012 17:45:26 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000 Description = The DVDRIVER service failed to start due to the following error: %%1058 Error - 09/12/2012 17:45:30 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde Error - 10/12/2012 04:27:54 | Computer Name = USER-9F4EEDCD71 | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.2 for the Network Card with network address 0012F05A9998 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 10/12/2012 04:28:42 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000 Description = The DVDRIVER service failed to start due to the following error: %%1058 < End of report > Report 3: Malwarebytes Anti-Malware (Trial) 1.65.1.1000 http://www.malwarebytes.org Database version: v2012.12.09.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-9F4EEDCD71 [administrator] Protection: Enabled 09/12/2012 19:19:30 mbam-log-2012-12-09 (19-19-30).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 251524 Time elapsed: 2 hour(s), 11 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully. HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully. 
Registry Values Detected: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: 8194 -> Quarantined and deleted successfully. HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: f5df3e369cf9a3245e2b1da97c577d49 -> Quarantined and deleted successfully. HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Documents and Settings\User\Local Settings\Temp\CouponDropDown.exe (PUP.CrossRider.CDD) -> Quarantined and deleted successfully. (end)
KenB Posted December 10, 2012 It would help the security guys if you could post the MBAM log too please. Click on the MBAM icon > let it load > click on the Logs Tab > copy the most recent log and paste it here.
Yockie Posted December 11, 2012
2012/12/11 07:49:28 GMT USER-9F4EEDCD71 MESSAGE Starting protection 2012/12/11 07:49:28 GMT USER-9F4EEDCD71 MESSAGE Protection started successfully 2012/12/11 07:49:28 GMT USER-9F4EEDCD71 MESSAGE Starting IP protection 2012/12/11 07:50:26 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully 2012/12/10 08:28:33 GMT USER-9F4EEDCD71 MESSAGE Starting protection 2012/12/10 08:28:33 GMT USER-9F4EEDCD71 MESSAGE Protection started successfully 2012/12/10 08:28:33 GMT USER-9F4EEDCD71 MESSAGE Starting IP protection 2012/12/10 08:29:07 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully 2012/12/10 17:48:54 GMT USER-9F4EEDCD71 MESSAGE Executing scheduled update: Daily 2012/12/10 17:48:55 GMT USER-9F4EEDCD71 MESSAGE Starting protection 2012/12/10 17:48:55 GMT USER-9F4EEDCD71 MESSAGE Protection started successfully 2012/12/10 17:48:55 GMT USER-9F4EEDCD71 MESSAGE Starting IP protection 2012/12/10 17:49:48 GMT USER-9F4EEDCD71 MESSAGE Scheduled update executed successfully: database updated from version v2012.12.09.04 to version v2012.12.10.06 2012/12/10 17:50:05 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully 2012/12/10 17:50:05 GMT USER-9F4EEDCD71 User MESSAGE Starting database refresh 2012/12/10 17:50:06 GMT USER-9F4EEDCD71 User MESSAGE Stopping IP protection 2012/12/10 17:50:06 GMT USER-9F4EEDCD71 User MESSAGE IP Protection stopped successfully 2012/12/10 17:50:23 GMT USER-9F4EEDCD71 User MESSAGE Database refreshed successfully 2012/12/10 17:50:23 GMT USER-9F4EEDCD71 User MESSAGE Starting IP protection 2012/12/10 17:50:27 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully 2012/12/09 19:16:51 GMT USER-9F4EEDCD71 User MESSAGE Executing scheduled update: Daily 2012/12/09 19:16:51 GMT USER-9F4EEDCD71 User MESSAGE Starting protection 2012/12/09 19:16:53 GMT USER-9F4EEDCD71 User MESSAGE Protection started successfully 2012/12/09 19:16:53 GMT 
USER-9F4EEDCD71 User MESSAGE Starting IP protection 2012/12/09 19:17:01 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully 2012/12/09 19:18:23 GMT USER-9F4EEDCD71 User MESSAGE Starting database refresh 2012/12/09 19:18:23 GMT USER-9F4EEDCD71 User MESSAGE Stopping IP protection 2012/12/09 19:18:23 GMT USER-9F4EEDCD71 User MESSAGE IP Protection stopped successfully 2012/12/09 19:18:23 GMT USER-9F4EEDCD71 User MESSAGE Scheduled update executed successfully: database updated from version v2012.09.29.05 to version v2012.12.09.04 2012/12/09 19:18:29 GMT USER-9F4EEDCD71 User MESSAGE Database refreshed successfully 2012/12/09 19:18:29 GMT USER-9F4EEDCD71 User MESSAGE Starting IP protection 2012/12/09 19:18:35 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully 2012/12/09 21:45:17 GMT USER-9F4EEDCD71 MESSAGE Starting protection 2012/12/09 21:45:17 GMT USER-9F4EEDCD71 MESSAGE Protection started successfully 2012/12/09 21:45:17 GMT USER-9F4EEDCD71 MESSAGE Starting IP protection 2012/12/09 21:45:38 GMT USER-9F4EEDCD71 User MESSAGE IP Protection started successfully Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.09.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-9F4EEDCD71 [administrator] Protection: Enabled 09/12/2012 19:19:30 mbam-log-2012-12-09 (19-19-30).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 251524 Time elapsed: 2 hour(s), 11 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully. 
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully. Registry Values Detected: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Data: 8194 -> Quarantined and deleted successfully. HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: f5df3e369cf9a3245e2b1da97c577d49 -> Quarantined and deleted successfully. HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Documents and Settings\User\Local Settings\Temp\CouponDropDown.exe (PUP.CrossRider.CDD) -> Quarantined and deleted successfully. (end) Quote "Lets see which one of you nuts has got any guts?"------------------"But I tried. God ******, I sure ashell did that much. Didn't I?"
KenB Posted December 11, 2012

I will ask one of our security experts to advise you on the next steps :)
Starbuck Posted December 11, 2012

Hi Yockie,

Step 1
Please uninstall the following Java version: Java 6 Update 31
This older version should have been removed when your Java was updated. Only remove this version.

Step 2
Because of the Adware that MBAM removed, let's check to make sure there's no more:
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on the Delete button.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3
Now let's see what's left to clean up.
Double click on OTL to run it.
Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:
AdwCleaner.txt and both new reports from Otl.

Thanks
Yockie (Author) Posted December 11, 2012

Hi Starbuck,

Thank you for your response. I removed Java 6 and now it says I have Java 7 and JavaFX 2.1.1. Should I delete the 2.1.1 as well? Otherwise, here are the logs :)

1:

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 20:02:21
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - USER-9F4EEDCD71
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\User\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Ilivid

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f7b1b-bde5-469b-a987-defed86f2f88&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.14] : homepage = "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=1[...]
Deleted [l.1747] : homepage = "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=186f[...]
*************************

AdwCleaner[s1].txt - [5638 octets] - [11/12/2012 20:02:21]

########## EOF - C:\AdwCleaner[s1].txt - [5698 octets] ##########

2:

OTL Extras logfile created on: 11/12/2012 20:06:58 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 509.46 Mb Available Physical Memory | 50.18% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 21.24 Gb Free Space | 57.02% Space Free | Partition Type: NTFS

Computer Name: USER-9F4EEDCD71 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\User\Local Settings\Application Data\Pearson VUE\UKCAT Practice Tests\jre\bin\java.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Pearson VUE\UKCAT Practice Tests\jre\bin\java.exe:*:Enabled:Java Platform SE binary
"C:\Program Files\RipTiger\RipTiger.exe" = C:\Program Files\RipTiger\RipTiger.exe:*:Enabled:RipTiger
"C:\Program Files\RipTiger\HTTPDownloaderApp.exe" = C:\Program Files\RipTiger\HTTPDownloaderApp.exe:*:Enabled:RipTiger HTTP Downloader
"C:\Program Files\RipTiger\RTMPDownloaderApp.exe" = C:\Program Files\RipTiger\RTMPDownloaderApp.exe:*:Enabled:RipTiger RTMP Downloader
"C:\Program Files\RipTiger\MMSDownloaderApp.exe" = C:\Program Files\RipTiger\MMSDownloaderApp.exe:*:Enabled:RipTiger MMS/RTSP Downloader
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe" = C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe:*:Enabled:C:\Program Files\Mail.Ru\Sputnik\SputnikHelper.exe
"C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe" = C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe:*:Enabled:C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"E:\dvdriver_cnet.exe" = E:\dvdriver_cnet.exe:*:Disabled:dvdriver application
"E:\wc2k1_67\WebCam2000.exe" = E:\wc2k1_67\WebCam2000.exe:*:Disabled:WebCam2000 Image Server
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 1.7.8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3F6591E-D615-4123-87B1-49E7DEDD2F66}" = OOo-dev 3.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C57001A6-4C3F-4ACE-95EC-A9BF8BF99254}" = Ultra Call Control
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.22beta
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Coupon Companion" = Coupon Companion
"DjVuLibre+DjView" = DjVuLibre+DjView
"DU301 Concept Mapper" = DU301 Concept Mapper
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Manual
"Graph_is1" = Graph 4.3
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NumericalSkills CD-ROM" = NumericalSkills CD-ROM
"PDFePubRMRemoval" = PDF ePub DRM Removal
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/12/2012 12:53:15 | Computer Name = USER-9F4EEDCD71 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 03/12/2012 09:29:55 | Computer Name = USER-9F4EEDCD71 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 03/12/2012 10:29:08 | Computer Name = USER-9F4EEDCD71 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 04/12/2012 17:11:06 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001
Description =

Error - 05/12/2012 14:57:56 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001
Description =

Error - 05/12/2012 16:38:59 | Computer Name = USER-9F4EEDCD71 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/12/2012 16:39:09 | Computer Name = USER-9F4EEDCD71 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 06/12/2012 06:28:10 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001
Description =

Error - 11/12/2012 05:20:49 | Computer Name = USER-9F4EEDCD71 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19328, fault address 0x000da6fc.
Error - 11/12/2012 16:00:40 | Computer Name = USER-9F4EEDCD71 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 10/12/2012 13:48:11 | Computer Name = USER-9F4EEDCD71 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network address 0012F05A9998 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 10/12/2012 13:49:07 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000
Description = The DVDRIVER service failed to start due to the following error: %%1058

Error - 10/12/2012 13:50:53 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error - 10/12/2012 13:50:53 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due to the following error: %%1053

Error - 11/12/2012 03:48:49 | Computer Name = USER-9F4EEDCD71 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network address 0012F05A9998 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 11/12/2012 03:49:34 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000
Description = The DVDRIVER service failed to start due to the following error: %%1058

Error - 11/12/2012 09:55:04 | Computer Name = USER-9F4EEDCD71 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network address 0012F05A9998 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error - 11/12/2012 09:55:47 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000
Description = The DVDRIVER service failed to start due to the following error: %%1058

Error - 11/12/2012 10:12:27 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000
Description = The DVDRIVER service failed to start due to the following error: %%1058

Error - 11/12/2012 16:06:17 | Computer Name = USER-9F4EEDCD71 | Source = Service Control Manager | ID = 7000
Description = The DVDRIVER service failed to start due to the following error: %%1058

< End of report >

3:

OTL logfile created on: 11/12/2012 20:06:58 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 509.46 Mb Available Physical Memory | 50.18% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 21.24 Gb Free Space | 57.02% Space Free | Partition Type: NTFS

Computer Name: USER-9F4EEDCD71 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()

========== Services (SafeList) ==========

SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (GSService) -- C:\WINDOWS\system32\GSService.exe () SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MpKsl0418b3a0) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93621239-4B25-4FC4-B5F3-EAE219A9ECA7}\MpKsl0418b3a0.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (DVDRIVER) -- C:\WINDOWS\system32\drivers\dvdriver.sys (Eagletron Inc.) DRV - (mcaudrv_simple) -- C:\WINDOWS\system32\drivers\mcaudrv.sys (ManyCam LLC) DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\mcvidrv.sys (ManyCam LLC) DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.) DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.) 
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.) DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.) DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.) DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.) DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments) DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.) DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.) 
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CD722DB4-2F19-4A6D-9DA7-B24CFB558347}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR 
- plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: ChromeTheme.net = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihhcnlkciomldimadgimaoakoabelfmj\1_0\ CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\ CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2003/06/20 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll (215 Apps) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} 
- C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) 
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56F62E6E-AD64-4317-810F-4A8B2210F841}: DhcpNameServer = 192.168.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A12AC7-DB10-495B-A8E2-93DB584B3D2B}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/01/18 10:50:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell - "" = AutoRun O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O33 - MountPoints2\{7e825bd7-ac98-11e0-aaf4-0012f05a9998}\Shell - "" = AutoRun O33 - MountPoints2\{7e825bd7-ac98-11e0-aaf4-0012f05a9998}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7e825bd7-ac98-11e0-aaf4-0012f05a9998}\Shell\AutoRun\command - "" = E:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = 
exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/12/11 19:34:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/12/10 09:13:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2012/12/09 19:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes [2012/12/09 19:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/09 19:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/12/09 19:15:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/09 19:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/12/09 15:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Iteral_Group_Ltd [2012/12/09 11:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype [2012/12/09 11:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/12/09 11:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/12/09 11:28:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012/12/09 11:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/11 20:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/11 20:08:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- 
C:\WINDOWS\System32\FlashPlayerApp.exe [2012/12/11 20:08:44 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/12/11 20:06:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/11 20:05:23 | 000,000,265 | ---- | M] () -- C:\WINDOWS\lgfwup.ini [2012/12/11 20:05:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/11 19:21:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-1417001333-1003UA.job [2012/12/11 18:48:59 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{46CF5938-AECF-4F65-9729-FD6E2FC48E17}.job [2012/12/11 18:47:31 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/12/11 14:21:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/12/10 09:13:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2012/12/09 21:44:04 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/09 19:15:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/09 15:23:04 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/12/09 15:22:21 | 000,473,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/12/09 15:22:21 | 000,076,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/12/09 11:28:23 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/12/09 11:21:18 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-1417001333-1003Core.job [2012/11/30 20:26:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\google chrome.lnk [2012/11/30 20:26:25 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/11/25 22:18:39 | 000,037,321 
| ---- | M] () -- C:\Documents and Settings\User\My Documents\Stage Standard US format.pdf [2012/11/25 22:18:13 | 000,029,852 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Stage Acceptable UK format.pdf [2012/11/14 20:23:18 | 000,195,742 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Hewett School OFSTED Report.PDF [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/09 19:15:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/09 11:28:23 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/11/25 22:18:39 | 000,037,321 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Stage Standard US format.pdf [2012/11/25 22:18:13 | 000,029,852 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Stage Acceptable UK format.pdf [2012/11/14 20:23:17 | 000,195,742 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Hewett School OFSTED Report.PDF [2012/10/30 00:16:10 | 000,521,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/10/07 09:28:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll [2012/10/07 09:28:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll [2012/10/07 09:28:27 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll [2012/10/07 09:28:27 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll [2012/10/07 09:28:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll [2012/10/07 09:28:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll [2012/10/07 09:28:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll [2012/10/07 09:28:27 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll [2012/10/07 09:28:27 | 
000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll [2012/10/07 09:28:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll [2012/10/07 09:28:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll [2012/10/07 09:28:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll [2012/10/07 09:28:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll [2012/10/07 09:28:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll [2012/10/07 09:28:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll [2012/10/07 09:28:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll [2012/10/07 09:28:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll [2012/10/07 09:28:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll [2012/10/07 09:28:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll [2012/10/07 09:28:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll [2012/07/27 17:35:38 | 000,003,690 | ---- | C] () -- C:\Documents and Settings\User\.jmf-resource [2012/02/15 08:43:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/08 22:16:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1120108_221604.dmp [2011/12/22 13:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini [2011/12/03 17:12:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\1way.ini [2011/11/12 17:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2011/10/01 20:36:41 | 000,450,048 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe [2011/09/28 08:48:51 | 000,069,435 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1110828_084851.dmp [2011/09/10 12:35:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1110810_123553.dmp [2011/09/09 21:54:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents_1110809_215442.dmp [2011/09/01 22:19:19 | 000,000,550 | ---- | C] () -- 
C:\WINDOWS\VideoDownloader.INI [2011/08/22 09:12:50 | 000,009,728 | ---- | C] () -- C:\Program Files\LiveZilla Prerequisites.msi [2011/06/24 12:30:55 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/24 09:34:42 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2011/05/06 10:55:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2011/01/18 11:53:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll [2011/01/18 10:53:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/01/18 10:47:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/01/18 10:29:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/01/18 10:27:59 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2011/08/22 09:15:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Quote "Lets see which one of you nuts has got any guts?"------------------"But I 
tried. God ******, I sure ashell did that much. Didn't I?"
Starbuck Posted December 11, 2012

Hi Yockie,

Hopefully you received my PM earlier explaining about the board software this evening. If you didn't receive it let me know, as I did answer a couple of your questions.

Ok, here's the Otl fix.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:Otl
SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (MpKsl0418b3a0) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93621239-4B25-4FC4-B5F3-EAE219A9ECA7}\MpKsl0418b3a0.sys File not found
O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll (215 Apps)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
:Files
C:\Program Files\Coupon Companion
C:\Program Files\Mail.Ru
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

I'd like you to do an ESET OnlineScan.
You may find it beneficial to close your resident AV program before running the scan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset Online Scan fails during the database download (around 20%).
To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

In your next reply, please submit:
Otl fix report
Eset scan report (if anything is found)

Thanks

Member of: UNITE
Yockie Posted December 13, 2012 Author Posted December 13, 2012 (edited) Hi Starbuck, Here are the three reports that were generated from my daughter's PC. For the ESET OnlineScan, she could not do the Advanced option as it all ran completely and fully for her without giving her to choose any options - she told me that the Eset's Online Scan did not fail the database download (which was step 2 out of 4 apparently) but it just moved on to step 3, which was the actual scanning and so there was no where for her to enable the Anti-Stealth technology as per your instructions. If she needs to run the scan again because of that do please let me know and how is she supposed to find the Advanced option. Thank you. All processes killed ========== OTL ========== Service NMSAccess stopped successfully! Service NMSAccess deleted successfully! File C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found not found. Service UIUSys stopped successfully! Service UIUSys deleted successfully! File system32\drivers\UIUSys.sys File not found not found. Error: No service named MpKsl0418b3a0 was found to stop! Service\Driver key MpKsl0418b3a0 not found. File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93621239-4B25-4FC4-B5F3-EAE219A9ECA7}\MpKsl0418b3a0.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}\ deleted successfully. C:\Program Files\Coupon Companion\Coupon Companion.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d0aabb0-cff3-11e0-ab52-0012f05a9998}\ not found.
File E:\USBAutoRun.exe not found.
========== FILES ==========
C:\Program Files\Coupon Companion folder moved successfully.
File\Folder C:\Program Files\Mail.Ru not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes
User: NetworkService
->Temp folder emptied: 480090 bytes
->Temporary Internet Files folder emptied: 33237 bytes
User: User
->Temp folder emptied: 936453402 bytes
->Temporary Internet Files folder emptied: 302560537 bytes
->Java cache emptied: 68864917 bytes
->Google Chrome cache emptied: 302046618 bytes
->Flash cache emptied: 5383887 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1045950348 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 154988494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 14060769 bytes
Total Files Cleaned = 2,702.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12122012_232754
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=ee57834a682d4a4b8329e01dd505444c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-13 09:15:58
# local_time=2012-12-13 09:15:58 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 6480806 9029530 0 0
# scanned=52295
# found=1
# cleaned=1
# scan_time=2902
C:\Documents and Settings\User\My Documents\MS Office 2007\MSOffice2007-6in1-Settings\300000003f00002i\CLVIEW.EXE probably a variant of Win32/Agent.ZLDNPI trojan (cleaned by deleting - quarantined) 610B86D459A8573B34CFE061F6C67167EB752D12 C

Edited December 13, 2012 by Starbuck
"Lets see which one of you nuts has got any guts?"------------------"But I tried. God ******, I sure ashell did that much. Didn't I?"
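The OTL fix log above reports each registry key, file and service as "deleted successfully", "moved successfully" or "not found", but it only describes the state at the moment OTL ran. Adware that reinstalls itself through a scheduled task or a second component will bring the same keys back after a reboot, so the check a practitioner would run a day later is whether every removal is still in place and which Browser Helper Objects remain registered. The script below is an added example and is not part of the thread or of OTL; every key, path and service name in it is copied from the log above, and it assumes 32-bit Windows XP (so no Wow6432Node key) with Windows PowerShell 2.0 run from an administrator account.

```powershell
# Added example (not from the thread): re-verify the OTL removals after a reboot and
# list the Browser Helper Objects that are still registered.
# Assumes 32-bit Windows XP SP3, Windows PowerShell 2.0, administrator account.

$bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Registry keys OTL deleted. Any that exist again were re-created by something still running.
$removedKeys = @(
    "$bhoRoot\{11111111-1111-1111-1111-110011441193}",
    'HKLM:\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}',
    "$bhoRoot\{8984B388-A5BB-4DF7-B274-77B879E179DB}",
    'HKLM:\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}',
    'HKLM:\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}',
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}'
)
# Folders/files OTL moved or reported absent, and the services it deleted.
$removedPaths = @(
    'C:\Program Files\Coupon Companion',
    'C:\Program Files\Blaze Media Pro\NMSAccess32.exe',
    "$env:SystemRoot\system32\drivers\UIUSys.sys"
)
$removedServices = @('NMSAccess', 'UIUSys')

$problems = @()
foreach ($key in $removedKeys) {
    if (Test-Path -LiteralPath $key) { $problems += "registry key is back: $key" }
}
# The IE toolbar entry was a registry value, not a key, so it is checked by value name.
$toolbarKey = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'
$toolbarValue = Get-ItemProperty -Path $toolbarKey -Name '{09900DE8-1DCA-443F-9243-26FF581438AF}' -ErrorAction SilentlyContinue
if ($toolbarValue) { $problems += "toolbar value is back under $toolbarKey" }

foreach ($path in $removedPaths) {
    if (Test-Path -LiteralPath $path) { $problems += "file or folder is back: $path" }
}
foreach ($svc in $removedServices) {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) { $problems += "service is back: $svc" }
}

# OTL reset the HOSTS file; after a reset only localhost lines should remain.
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$hostsLines = Get-Content $hostsFile | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
$extraHosts = $hostsLines | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
foreach ($line in $extraHosts) { $problems += "unexpected HOSTS entry: $line" }

if ($problems.Count -eq 0) {
    'All OTL removals are still in place.'
} else {
    $problems | ForEach-Object { "CHECK: $_" }
}

# Every BHO still registered, resolved to the DLL that implements it. Anything loaded from
# a user profile or a vendor you do not recognise is the next thing to look at.
Get-ChildItem $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    $classKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
    $name = (Get-ItemProperty -Path $classKey -ErrorAction SilentlyContinue).'(default)'
    $dll = (Get-ItemProperty -Path "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    "BHO $clsid  name='$name'  dll='$dll'"
}
```

Run it once right after the reboot that followed the OTL fix and again a day or two later; a key that reappears between the two runs points at a remaining loader rather than at a missed deletion. On 64-bit Windows the same BHO and CLSID keys for 32-bit Internet Explorer live under HKLM\SOFTWARE\Wow6432Node as well, which this XP-oriented script does not look at.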
Starbuck Posted December 13, 2012 Posted December 13, 2012

Hi Yockie,

"If she needs to run the scan again because of that do please let me know"
No, it's ok, the scan ran just fine.

"how is she supposed to find the Advanced option."
The Advanced option was on one of the first screens. I've highlighted it here for you: http://img.photobucket.com/albums/v708/starbuck50/esetadvance.png

"Total Files Cleaned = 2,702.00 mb"
That's a sizeable chunk removed :) .... How is the system running now?
Yockie Posted December 13, 2012 Author Posted December 13, 2012

Hi Starbuck,

Thank you for the detailed explanation. The system is working well, although a bit slow, but my daughter says that it has always been like that. I was glad that the issues were not as bad on her computer as they are on mine. We did this check in the first place when my computer got infected and we were scared that the other 2 laptops in the house may stop working as well (my son is about to do the same check at some point soon). So, everything that was found on my daughter's computer was unexpected for us anyway (well, every computer has issues, but we didn't expect so many and so different things to be on hers!). Now, should we count this as the end of the matter, or is there anything else we should do? If this is it, can she delete all the malware programs and stay only with Microsoft Essentials, as originally started?
Yockie Posted December 13, 2012 Author Posted December 13, 2012

I can't understand why everything I write comes out so squashed, sorry about that.
Starbuck Posted December 13, 2012 Posted December 13, 2012

Hi Yockie

"although a bit slow, but my daughter says that it has always been like that."
This is obviously quite an old system... looking at the specs.
Drive C: | 37.25 Gb Total Space | 21.24 Gb Free Space | 57.02% Space Free | Partition Type: NTFS
The amount of RAM is fine for Win XP, but the hard drive is quite small compared to what is fitted nowadays. But like they say... if it does the job, then it's fine.

"but we didn't expect so many and so different things to be on hers!"
A lot of what was removed was ordinary AdWare. This is stuff that gets installed when you download a legit program. Some programs will tell you that it will install this rubbish and give you the option to untick it at install. Some programs tell you about it, but in writing so small it's very easy to miss. It's all about making money. That is why we always say to actually read everything on the install screens and don't just click 'Next'. On the whole it's not dangerous.... just annoying.

"Now, should we count this as the end of the matter, or is there anything else we should do?"
There is one thing we will do. After running this, give the system a day or two and see how it's running. If everything is ok, we'll remove the programs we used. There is a particular way to remove them, which I'll explain.

Download Puran Disc Defragmenter
Save it to your 'Desktop'.
Run the program.
From the main 'Puran Defrag' screen, click on the 'C' drive to highlight it.
Then click on 'Defrag'.
This program is faster than the built-in Windows Defrag and is more efficient. Try not to use the m/c while the defrag is running. See if the system runs any faster afterwards.

"I can't understand why everything I write comes out so squashed, sorry about that."
There's a lot of odd things happening on the site lately. It may well be nothing to do with your system.

Let me know if things run any better after running the Puran program.
When you are satisfied the system is ok, we'll remove the programs we've used and finish the cleanup procedure.
Yockie Posted December 14, 2012 Author Posted December 14, 2012

Thank you Starbuck, for the very detailed and easy to understand post. My daughter did all you said and we are now waiting a few days to see whether it will work better (a bit at least). Will keep you informed, and thank you again.
Starbuck Posted December 15, 2012 Posted December 15, 2012

"Thank you Starbuck, for the very detailed and easy to understand post."
No problem. The easier I make it, the less chance of any mistakes. :)

"Will keep you informed"
Thanks
Yockie Posted December 18, 2012 Author Posted December 18, 2012

Hi Starbuck,

It has been 3 full days since my daughter completed your instructions. The PC runs the same, neither faster, nor slower, but that's ok, as long as it actually runs well. Thank you for all your help, as usual - pleasure working with you. The only thing left now is to tell me which one of the programs to delete and how to do it.
Starbuck Posted December 18, 2012 Posted December 18, 2012

Hi Yockie

"The only thing left now is to tell me which one of the programs to delete and how to do it."
Ok, it's nice and easy:

Step 1
Restart MBAM.
Click on the Quarantine tab.
If there are items in quarantine..... Make sure everything is selected and then click Delete All.
Close MBAM.

Step 2
Please double-click OTL to run it.
You should see a CleanUp! button, press that button: http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed.

Step 3
Now you should Set a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Select the drive for cleaning then click OK (usually 'C' drive).
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected....read this topic: How did i get infected?
Not all of the following information will be applicable to you, but it's still best to read it all.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software
Only install one AntiVirus program.
Update your AntiVirus Software regularly.

Use a 3rd party Firewall
Online Armor Free
ZoneAlarm ...Important note below
NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
Only install one software Firewall.
Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
How to turn off Windows Firewall: Start ... Control Panel ... click on 'Classic View', now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok.

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial. Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser:
Some excellent alternatives to MS Internet Explorer are:
Firefox
For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
Also consider adding: WOT - Safe Browsing Tool
Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
Opera
They offer better security, more stability, and better speed.

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like: Erunt
A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':
Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Safe surfing.
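Step 3 of the post above creates the post-cleanup restore point through the System Restore wizard. The same step can be done from a prompt, which makes it easy to confirm the point actually got created and to see how many older points (the ones that may still hold the removed files) are left for the Cleanmgr step. This is an added example, not from the thread: it uses the SystemRestore WMI class in the root\default namespace, and assumes an administrator account, System Restore enabled for C:, and Windows PowerShell 2.0 or later on a client edition of Windows (the class is present on XP SP3 and later).

```powershell
# Added example (not from the thread): create the post-cleanup restore point via WMI,
# confirm it is now the newest point, and report how many older points remain.
# Assumes administrator rights, System Restore enabled, Windows PowerShell 2.0+ on a
# client edition of Windows.

$description = 'Clean after malware removal ' + (Get-Date -Format 'yyyy-MM-dd HH:mm')

# CreateRestorePoint(Description, RestorePointType, EventType)
#   RestorePointType 0   = APPLICATION_INSTALL (a generic, user-visible point)
#   EventType        100 = BEGIN_SYSTEM_CHANGE
$systemRestore = [wmiclass] '\\.\root\default:SystemRestore'
$result = $systemRestore.CreateRestorePoint($description, 0, 100)
if ($result.ReturnValue -ne 0) {
    throw "CreateRestorePoint failed with return code $($result.ReturnValue)"
}

# Enumerate all points, oldest first. CreationTime is a WMI (CIM_DATETIME) string.
$points = @(Get-WmiObject -Namespace 'root\default' -Class SystemRestore | Sort-Object SequenceNumber)
foreach ($point in $points) {
    $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($point.CreationTime)
    '{0,5}  {1:yyyy-MM-dd HH:mm}  {2}' -f $point.SequenceNumber, $created, $point.Description
}

# The point just created must be the newest one; its sequence number is what to note down.
$newest = $points[$points.Count - 1]
if ($newest.Description -ne $description) {
    throw 'The new restore point does not appear as the newest entry; check that System Restore is enabled for C:'
}
"Keep sequence number $($newest.SequenceNumber) ('$description')."
"$($points.Count - 1) older restore point(s) remain; remove them with Cleanmgr > More Options > System Restore as described above."
```

Windows 8 and later refuse a second application-created restore point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency registry value is lowered, so on those versions a ReturnValue of 0 with no new entry in the list usually means the request was silently skipped; on XP and 7 this limit does not apply.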