KenB Posted January 7, 2014

Hi

AUTORUN.INF is connected to the CD DVD drive. It shouldn't come into play if you are simply downloading from the net.

I have seen similar problems with Money Plus.

Try downloading and installing MBAM. [ FREE version ] click here

Does this install OK ?

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
MiniToolBox | Network Test | Wireless Test
jontye (Author) Posted January 7, 2014

Hi Ken, the MBAM downloaded and did a scan OK, but made no difference to installing the Microsoft Money download.

Strangely, since I ran the MBAM scan my download file has gone walkabout, 'windows defender' will not start and 'windows update' has also gone on strike and will not run. I've tried changing settings in control panel with a restart to no avail. I will close the laptop down completely tonight and see if it will reset 'defender & updater', and forget about the Microsoft Money download for the time being.

Regards
Jontye
Starbuck (ExTS Admin) Posted January 7, 2014

> Strangely since I run the MBAM scan my download file has gone walk about,' windows defender' will not start and 'windows update' has also gone on strike and will not run

You didn't say if MBAM found and removed anything.
If it did find anything but you can't remember what was found..... MBAM keeps a log of the reports.

Start Malwarebytes AntiMalware.
Click on the logs tab.
The logs are date stamped ... double click on the log report from the scan.
http://img.photobucket.com/albums/v708/starbuck50/new/mbamlog.png
It'll open in notepad.
Please copy/paste the report in your next reply.

Member of: UNITE
KenB Posted January 7, 2014

jontye

I didn't ask you to run MBAM - I just wanted to see if you could download and install it. This would then indicate that the problem lies with MS Money Plus.

Running it would not normally create any problems.

Please do as Starbuck asks before we try anything else :)
RandyL Posted January 8, 2014

Hi everyone;

I really don't intend to intrude on this thread too much but I did Google a bit on the program and the error in hopes I could provide a little help to those who are already helping.

jontye can you please tell us exactly what program you are trying to install and provide a link to the download? The program and version number might help. As KenB said there does seem to be some issues but more information might help.

As for Microsoft Money Plus it is an obsolete program as far as I can figure. In the USA the last supported version was released in 2010. In the UK the last supported version was released in 2005. Note that Vista was released in 2006 which is after 2005.

I checked a couple downloads. The USA version was from Microsoft and was an exe file. The UK version I checked was from a reputable source and was also an exe file. There are many other third party sites that offer a download which I did not check. The USA version installed just fine for me.

Some of the issues and solutions I found on other forums may not apply to you or your version. For instance some seem to have downloaded a zip file which once extracted they had to navigate to a particular exe or application file in the extracted folder which worked. In other cases a registry modification was needed. That is not exactly something I would suggest unless absolutely needed.

I do know from my test that Microsoft Money immediately downloaded an update for the USA version because I set up a flag, but that was after the install.

As for the downloads I checked, they were both exe files not folders. Also I checked the instructions. They said to download and SAVE the exe files and not choose RUN. Once SAVED it said to double click to install. Did you choose RUN or SAVE? This may be a program compatibility issue or an improper installation method.

1. Download link please.
2. Method of install - Run or Save.
3. UK or USA version.
4. Exact version.
5. Exe or application file or did you download a folder?

I know I asked a lot of questions but I have to in order for your helpers to proceed.

There is also the possibility that you migrated over issues via cloning. For instance if you had ever run a registry or optimizer program then registry items could be changed from the original Windows installation which might cause issues. If that is the case then there is one registry entry I found that might or might not work but the registry is not to be taken lightly.

As for an info file error, oftentimes it is because it does not match OS parameters. Sometimes when you download and save an installation package an exe or application file points to an info file that tells the exe how and where to install the app etc. You usually see this when installing from a disk but it can also be when installing from a downloaded folder. Windows sees a downloaded installation folder the same as it sees an installation disk. In the old days of Windows 3.... etc to Windows 98 the info file was needed as part of the installation and was common. I have seen it in much later versions with some software. Heck I even modified a few info files in my day. They can be opened with notepad.

And one last thing I should ask. Are you really sure you want or need this program? It is after all obsolete and outdated and unsupported.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Get help with computer problems. Join Free PC Help here
Donations are welcome. Read Here
KenB Posted January 8, 2014

> I really don't intend to intrude on this thread

Hi Randy

No problem at all - you have obviously spent some time on this - all useful stuff :)
jontye (Author) Posted January 8, 2014

Hi Randy, Ken and Starbuck,

I've only had time to read your posts without being able to take any action at the moment. I think Friday is the earliest that I will be able to reply to your requests, and I will. Thank you for your continued interest in my problems.

Jontye.
KenB Posted January 8, 2014

No rush this end jontye :)
jontye (Author) Posted January 10, 2014

Hi,

The Malware report you asked for.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6053

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18783

14/03/2011 17:14:41
mbam-log-2011-03-14 (17-14-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 253374
Time elapsed: 44 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\registrycleanerpro (Rogue.RegistryCleanerPro) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\John\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\6PT5NTO5\setup[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp000000032e55a1bc0b4086d7 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\System32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\registrycleanerpro\scheduleplan.txt (Rogue.RegistryCleanerPro) -> Quarantined and deleted successfully.

Cheers
Jontye
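The Security.Hijack entries in the report above are Image File Execution Options (IFEO) keys named after the browsers, the iexplore.exe one with a Debugger value. Windows honours a Debugger value by starting that program instead of the named image, which is why such values are worth auditing after a cleanup. The PowerShell below is an added example, not part of this thread and not code from Malwarebytes or OTL; it is read-only, the function name is ours, and the Wow6432Node path is only present on 64-bit Windows.

```powershell
# Added example, not from the thread: read-only audit of Image File
# Execution Options (IFEO) Debugger values. Windows starts the program
# named in Debugger instead of the image the key is named after, which is
# the mechanism behind the Security.Hijack entries in the MBAM report.
# Run from an elevated prompt; the function name is ours.
function Get-IfeoDebugger {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        # Present on 64-bit Windows only; silently skipped elsewhere.
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            # Only subkeys that actually carry a Debugger value are of interest.
            $dbg = (Get-ItemProperty -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [pscustomobject]@{
                    Image    = $_.PSChildName   # e.g. iexplore.exe
                    Debugger = $dbg             # program Windows would launch instead
                    Key      = $_.Name
                }
            }
        }
    }
}

$found = @(Get-IfeoDebugger)
if ($found.Count -eq 0) {
    Write-Output 'No IFEO Debugger values present.'
} else {
    $found | Format-Table -AutoSize
}
```

Debugger values have legitimate uses (a developer attaching a debugger to a crashing process, some vendor tooling), so the output is a review list rather than a verdict; the pattern in the report, a browser executable redirected to a file in a temp or profile folder, is the one to look for.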
jontye (Author) Posted January 10, 2014

Hi Randy, I hope I've included all the information you asked for.

1. Download link: http://www.microsoft.com/en-us/download/confirmation.aspx?id=20738
2. I saved the download, then tried to install it.
3. No choice given other than language, English or Japanese.
4. USMoneyDixSunset.exe, File Version 6.0.2800.1168
5. exe file.

I've used the original M.S. Money for years; until recently it has started to lose information, so I thought of trying this Money Plus Sunset. I am open to suggestions as to trying another simple money accounting programme. It has to be simple (I'm a fisherman not a techno) and FREE.

Regards
Jontye.
Starbuck (ExTS Admin) Posted January 10, 2014

Hi jontye

To be honest, there's some fairly serious issues in the MBAM report and they should be investigated and dealt with properly.

Download OTL to your desktop.
Right click on the link and select 'Save Link/Target As'.
If you have problems, try this download link: OTL

Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png

Do not change any settings unless otherwise told to do so.
The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
RandyL Posted January 10, 2014

Before doing anything else let our security team advise you on your malware issues. After you get the all clear we can proceed.

Are you aware that your link to Money Plus Sunset Deluxe is for USA users and is not the UK version of Money Plus? I installed Money Plus Sunset Deluxe with no issues. The one I tried before was Money Plus Sunset Home and Business which is also for USA users. You could try that but I'll bet you will get the same error. A lot of people have had trouble with this.

In your particular case I only found one solution that may work but it involves changing the registry. I always suggest backing up the registry before making any changes. You can backup the registry manually or by making a System Restore point. Another great option is Erunt. After that I found a great article with pictures on how to do this at Tech Geek and More.
http://www.techgeekandmore.com/solution-software-fix-for-microsoft-money-autorun-inf-error-during-install/

I can't vouch for this download but it appears to be legit if you want the 2005 UK version of Money.
http://money.mvps.org/downloads/files/2005/Money2005-UK-QFE2.exe

As I said before it would probably be best if you get the all clear on your malware issues first. I'll keep watching.

EDIT: I see Starbuck has already seen the report. :)
jontye (Author) Posted January 10, 2014

Starbuck,

The information you asked for,

Jontye.

OTL logfile created on: 10/01/2014 20:00:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.48% Memory free
4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 702.51 Gb Total Space | 670.07 Gb Free Space | 95.38% Space Free | Partition Type: NTFS
Drive F: | 223.63 Gb Total Space | 223.54 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 911.93 Gb Free Space | 97.90% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (pcCMService) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PID_PEPI) -- system32\DRIVERS\LV302V32.SYS File not found
DRV - (PID_08A0) -- system32\DRIVERS\LV302AV.SYS File not found
DRV - (pepifilter) -- system32\DRIVERS\lv302af.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (LVRS) -- system32\DRIVERS\lvrs.sys File not found
DRV - (lvpopflt) -- system32\DRIVERS\lvpopflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (bdselfpr) -- File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Bdvedisk) -- C:\Windows\System32\drivers\bdvedisk.sys (BitDefender)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (stppp) -- C:\Windows\System32\drivers\stppp.sys (THOMSON Telecom Belgium)
DRV - (ST330) -- C:\Windows\System32\drivers\st330.sys (THOMSON Telecom Belgium)
DRV - (STBUS) -- C:\Windows\System32\drivers\stbus.sys (THOMSON Telecom Belgium)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/Result***t.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fishingwithstyle.co.uk/NCS%20Flies/NCS130205/March%20Brown%202.JPG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - No CLSID value found
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (MTWB)
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C2EE1C64-67B8-40D7-916C-C133CA2F6983}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA85B1728-DFD6-4530-9FED-1BD67F3DB236&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{1CD8BC16-DC6F-4C72-90EA-8225E532C3D0}: "URL" = http://search.orange.co.uk/all?brand=ouk&p=_searchbox&pt=iecd&tab=web&q={searchTerms}
IE - HKCU\..\SearchScopes\{61509235-227D-440B-A45D-9FF2B1A589DC}: "URL" = http://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{7E91DF63-DF97-46CB-9C56-D410C1003928}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{C2EE1C64-67B8-40D7-916C-C133CA2F6983}: "URL" = http://search.conduit.com/Result***t.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN29086072011662512&UM=2
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=WC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/site/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\..\SearchScopes\{E3E72EF0-0489-4E51-80A7-C41D6C3EECBC}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={C1CDD69A-E792-48bd-B6DE-CA027CC444E7}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/site/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/site/?loc=ff_address_bar&search="

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2008/09/07 10:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/04/02 14:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\extensions
[2009/03/07 20:33:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/05/25 16:05:33 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/03/15 17:51:16 | 000,002,142 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\searchplugins\MyStart Search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: BT DesktopHelp extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adobe.com ([kb2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6288F38A-57F9-4433-8790-2EED6B10991B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B7683A1-5C4C-435E-86CB-793465AF67CB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\Pictures\P1070213.JPG
O24 - Desktop BackupWallPaper: C:\Users\John\Pictures\P1070213.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/10 03:50:51 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 12:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\Shell - "" = AutoRun
O33 - MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/10 19:53:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2014/01/10 19:51:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\OTL.scr
[2014/01/10 19:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/10 18:33:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Corporation
[2014/01/09 22:34:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\MigWiz
[2014/01/08 23:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2014/01/08 21:51:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DriverCure
[2014/01/08 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ParetoLogic
[2014/01/08 21:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/01/08 20:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/08 20:17:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/08 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/08 20:14:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\mbam-setup-1.75.0.1300.exe
[2014/01/07 15:03:39 | 006,252,752 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2014/01/07 15:03:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2014/01/07 15:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2014/01/07 14:01:24 | 035,677,984 | ---- | C] (Microsoft Corporation) -- C:\Users\John\USMoneyDlxSunset.exe
[2014/01/06 15:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2014/01/06 15:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2014/01/06 15:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
[2014/01/05 16:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014/01/05 15:30:44 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/12/30 14:47:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\JAM Software
[2013/12/26 16:09:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/26 16:09:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/26 16:09:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/26 16:09:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/26 16:09:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/26 16:09:10 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/26 16:09:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/26 16:09:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/26 16:08:04 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/26 16:08:04 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/26 16:08:04 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/26 16:08:01 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/26 16:07:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/26 16:07:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/10 19:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2014/01/10 19:51:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\OTL.scr
[2014/01/10 19:40:58 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 19:40:58 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 19:40:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/01/10 19:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 19:07:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 19:04:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/10 16:16:28 | 000,252,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/09 23:29:57 | 000,001,661 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Update.lnk
[2014/01/09 22:04:47 | 000,625,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/09 22:04:47 | 000,116,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/08 20:17:56 | 000,000,911 | ---- | M] () --
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/01/08 20:14:39 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\mbam-setup-1.75.0.1300.exe [2014/01/07 20:08:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014/01/07 20:08:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014/01/07 15:03:05 | 006,252,752 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe [2014/01/07 14:01:39 | 035,677,984 | ---- | M] (Microsoft Corporation) -- C:\Users\John\USMoneyDlxSunset.exe [2014/01/06 15:49:36 | 000,000,009 | ---- | M] () -- C:\END [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/01/10 19:04:03 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2014/01/10 16:16:05 | 000,252,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2014/01/09 23:29:57 | 000,001,661 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Update.lnk [2014/01/08 20:17:56 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/01/07 19:11:26 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014/01/06 15:47:24 | 000,000,009 | ---- | C] () -- C:\END [2014/01/05 15:36:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/06/28 15:02:26 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum [2013/06/26 19:20:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum [2013/06/26 19:19:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum [2012/03/15 13:30:14 | 000,057,075 | ---- | C] () -- C:\ProgramData\1331818096.2536.bin [2012/03/15 13:30:14 | 
000,008,271 | ---- | C] () -- C:\ProgramData\1331818096.3632.bin [2012/03/15 13:30:10 | 000,003,256 | ---- | C] () -- C:\ProgramData\1331818096.3036.bin [2012/03/15 13:28:16 | 000,021,000 | ---- | C] () -- C:\ProgramData\1331818096.3832.bin [2012/03/15 13:12:37 | 000,012,906 | ---- | C] () -- C:\ProgramData\1331817154.bdinstall.bin [2012/03/15 13:12:29 | 000,012,907 | ---- | C] () -- C:\ProgramData\1331817140.bdinstall.bin [2012/03/15 13:12:13 | 000,056,198 | ---- | C] () -- C:\ProgramData\1331817105.bdinstall.bin [2012/03/15 13:08:06 | 000,060,095 | ---- | C] () -- C:\ProgramData\1331816851.bdinstall.bin [2012/03/15 09:37:51 | 000,274,813 | ---- | C] () -- C:\ProgramData\1331803562.bdinstall.bin [2012/03/15 00:10:28 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770228.2760.bin [2012/03/15 00:10:03 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770203.2288.bin [2012/03/15 00:08:29 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770109.1340.bin [2012/03/15 00:06:46 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770006.3224.bin [2012/03/15 00:05:51 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331769951.1308.bin [2012/03/15 00:04:27 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331769867.3692.bin [2012/03/15 00:02:52 | 000,099,373 | ---- | C] () -- C:\ProgramData\1331769706.bdinstall.bin [2012/03/14 20:09:07 | 000,279,212 | ---- | C] () -- C:\ProgramData\1331754741.bdinstall.bin [2012/02/26 14:08:57 | 000,001,515 | ---- | C] () -- C:\ProgramData\search_result.xml [2012/01/25 19:51:03 | 000,014,848 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011/03/14 17:26:35 | 000,258,403 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011/03/14 16:18:24 | 
000,001,356 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat [2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2009/10/12 13:18:26 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss [2008/12/21 13:31:21 | 008,320,474 | ---- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png [2008/09/01 21:30:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/06/30 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2011/03/14 17:48:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitDefender [2012/08/09 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CompuClever [2014/01/08 21:51:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DriverCure [2013/11/12 23:19:03 | 000,000,000 | ---D | M] -- 
C:\Users\John\AppData\Roaming\Dropbox [2009/03/03 22:10:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gtk-2.0 [2013/05/01 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HTC [2013/12/30 15:27:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\JAM Software [2008/09/12 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech [2008/02/25 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Netscape [2014/01/08 21:51:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ParetoLogic [2011/07/20 20:04:19 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Suite [2011/03/14 17:28:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\QuickScan [2011/08/04 12:59:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Samsung [2008/09/12 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Teleca ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/03/15 11:03:24 | 000,053,542 | ---- | M] () -- C:\bdlog.txt [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006/11/30 22:18:32 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2014/01/06 15:49:36 | 000,000,009 | ---- | M] () -- C:\END [2007/09/28 14:21:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/09/28 14:21:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2014/01/10 19:39:48 | 2450,993,152 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 09:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\Spool\prtprocs\w32x86\EP0NPP01.DLL [2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/09/07 12:09:40 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/08/13 18:42:58 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/08/13 18:42:58 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/08/13 18:42:58 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/08/13 18:42:58 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/08/13 18:42:58 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/08/13 18:42:58 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2012/03/14 19:32:18 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污 [2012/03/14 19:32:18 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) 
-- C:\Windows\System32\獷楬汢捯污 < End of report > OTL Extras logfile created on: 10/01/2014 20:00:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.48% Memory free 4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 702.51 Gb Total Space | 670.07 Gb Free Space | 95.38% Space Free | Partition Type: NTFS Drive F: | 223.63 Gb Total Space | 223.54 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Drive G: | 931.51 Gb Total Space | 911.93 Gb Free Space | 97.90% Space Free | Partition Type: NTFS Computer Name: JOHN-PC | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06B5D3CE-55AF-4631-AE30-77B21671703C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1044F41E-0765-4ADD-9584-5E4ACF322FBC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{27112E08-235A-498D-AEC5-639C5843B1F6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{45D4556B-66EB-4FFE-9830-2B5D7A484905}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7F2AEA2C-B6D4-46CF-A860-3A8562AEDCC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A65216EF-86A6-44CB-900C-FD7BA7BEC996}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B191512B-C785-45E7-B29C-991265AFDBD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5E8832A-EEC4-4A58-BC4C-7FD218814B16}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E7C6BD71-C7EC-4B83-B00D-FEFAD6D165FC}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E5C9197-F581-4AE8-96A4-16C3C8ED1C2F}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "{40D0753F-F61F-49BE-B152-7AA9F4C42348}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4C98F4EB-FA1D-4311-881C-C5DF3F39A86D}" = protocol=17 | dir=in 
| app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{6B2F301F-2A6A-4FCE-8B30-96CF5E8F0DB8}" = protocol=6 | dir=in | app=e:\sthiwv\stinstall.exe | "{6DF54D84-984B-433A-82E3-D5881E7C2E3B}" = protocol=17 | dir=in | app=e:\sthiwv\stinstall.exe | "{C27D79AF-A690-4CD3-8B40-64B8D100AB5C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{CD153217-B1C6-453F-8079-B52122680770}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | "{E75E21DB-7010-47E4-B235-DEC29BC4B51E}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | "{EF5AE8D8-ED46-4F00-A297-174A40474E18}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{F12A6BCC-DF02-4C91-90B1-DBA1B7CA950C}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{F31C666F-0E77-4719-A662-99434914E078}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "TCP Query User{5E5BCD2B-248A-4A8B-AE21-8896D784CF8B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{A2DDA8D7-7D29-4A58-9FCB-CDA835E13477}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{B45D264B-1486-4F0F-A84F-C7B5D89CD4D9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{D33D50B9-8C77-4D3E-8477-6A829211FFB1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D8C42A85-C3F6-41B7-B185-E16291E347A9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{2BB60A59-1578-4AA2-9ADF-367A8A0F97EF}C:\program 
files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{3F6D457F-8BC9-447E-8BB3-346E972F34C8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{49047279-96B8-44A3-911A-61D12CF2601D}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{AA71A4B2-EE19-4FD6-9235-01BA6C71C812}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{B8973569-FA50-47B9-8C77-1A2EDD9C73B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 P****r and SDK "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "BT Desktop Help" = BT Desktop Help "BTHomeHub" = BTHomeHub "cayahooantispy" = CA Yahoo! 
Anti-Spy (remove only) "CCleaner" = CCleaner "HDMI" = Intel® Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "PrintMaster Gold 3.00" = PrintMaster Gold 3.00 "SMSERIAL" = Motorola SM56 Speakerphone Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/01/2014 15:41:52 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 15:41:52 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 15:42:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 15:42:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 15:42:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. 
Error - 10/01/2014 15:42:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 16:12:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 16:12:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 16:12:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 10/01/2014 16:12:27 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1160) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. 
[ System Events ] Error - 09/01/2014 17:18:05 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description = Error - 09/01/2014 18:50:55 | Computer Name = John-PC | Source = DCOM | ID = 10010 Description = Error - 09/01/2014 19:28:36 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description = Error - 10/01/2014 12:17:28 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description = Error - 10/01/2014 13:07:29 | Computer Name = John-PC | Source = DCOM | ID = 10010 Description = Error - 10/01/2014 13:10:38 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description = Error - 10/01/2014 15:00:42 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description = Error - 10/01/2014 15:04:37 | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0xc8000222 Error description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port. Error - 10/01/2014 15:05:02 | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0xc8000222 Error description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port. 
Error - 10/01/2014 15:41:27 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description =
< End of report >
jontye (Author) Posted January 10, 2014
Hi, I certainly didn't notice that the MPSD was for USA use only, and I don't think I want to be messing with the registry; the very thought scares the hell out of me. I will take your advice and not touch anything until Starbuck has advised me on the malware problems. Cheers.
Starbuck (ExTS Admin) Posted January 12, 2014

Hi jontye

Sorry for the late reply. For some strange reason I didn't get a notification of your reply.

Ok, we have a little work to do here.

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. AdwCleaner will begin to scan your computer.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2

Double click on OTL to run it.
Copy the lines in the codebox below.
(Make sure that :OTL is on the first line and that you include all of the Commands section.)

:OTL
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PID_PEPI) -- system32\DRIVERS\LV302V32.SYS File not found
DRV - (PID_08A0) -- system32\DRIVERS\LV302AV.SYS File not found
DRV - (pepifilter) -- system32\DRIVERS\lv302af.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (LVRS) -- system32\DRIVERS\lvrs.sys File not found
DRV - (lvpopflt) -- system32\DRIVERS\lvpopflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (bdselfpr) -- File not found
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Bdvedisk) -- C:\Windows\System32\drivers\bdvedisk.sys (BitDefender)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adobe.com ([kb2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\Shell - "" = AutoRun
O33 - MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
[2012/03/15 13:30:14 | 000,057,075 | ---- | C] () -- C:\ProgramData\1331818096.2536.bin
[2012/03/15 13:30:14 | 000,008,271 | ---- | C] () -- C:\ProgramData\1331818096.3632.bin
[2012/03/15 13:30:10 | 000,003,256 | ---- | C] () -- C:\ProgramData\1331818096.3036.bin
[2012/03/15 13:28:16 | 000,021,000 | ---- | C] () -- C:\ProgramData\1331818096.3832.bin
[2012/03/15 13:12:37 | 000,012,906 | ---- | C] () -- C:\ProgramData\1331817154.bdinstall.bin
[2012/03/15 13:12:29 | 000,012,907 | ---- | C] () -- C:\ProgramData\1331817140.bdinstall.bin
[2012/03/15 13:12:13 | 000,056,198 | ---- | C] () -- C:\ProgramData\1331817105.bdinstall.bin
[2012/03/15 13:08:06 | 000,060,095 | ---- | C] () -- C:\ProgramData\1331816851.bdinstall.bin
[2012/03/15 09:37:51 | 000,274,813 | ---- | C] () -- C:\ProgramData\1331803562.bdinstall.bin
[2012/03/15 00:10:28 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770228.2760.bin
[2012/03/15 00:10:03 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770203.2288.bin
[2012/03/15 00:08:29 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770109.1340.bin
[2012/03/15 00:06:46 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331770006.3224.bin
[2012/03/15 00:05:51 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331769951.1308.bin
[2012/03/15 00:04:27 | 000,001,175 | ---- | C] () -- C:\ProgramData\1331769867.3692.bin
[2012/03/15 00:02:52 | 000,099,373 | ---- | C] () -- C:\ProgramData\1331769706.bdinstall.bin
[2012/03/14 20:09:07 | 000,279,212 | ---- | C] () -- C:\ProgramData\1331754741.bdinstall.bin
[2014/01/08 21:51:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DriverCure
[2014/01/08 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ParetoLogic
[2014/01/08 21:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/03/14 17:48:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitDefender
[2012/03/14 19:32:18 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2012/03/14 19:32:18 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the red Run Fix button.
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3

Let's have a fresh set of OTL reports so that I can double check the reports after the cleaning.
Double click on OTL to run it.
Under the Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:
JRT.txt
AdwCleaner report
OTL fix report
2 fresh OTL reports.

You may have to post these reports over more than one reply.

Thanks.

Member of: UNITE
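Starbuck assembled the :OTL fix above by hand from the earlier OTL report: driver services whose file is gone ("File not found"), BHO, toolbar and URLSearchHook entries whose CLSID no longer resolves ("No CLSID value found"), the MountPoints2 AutoRun hook for a removable volume, and a set of leftover files. The script below is an added example, not part of this thread and not OTL's own code, that automates that first triage pass over OTL-format lines and renders the candidates in the fix-script format pasted into OTL's Custom Scans/Fixes box. The line formats are assumed from what is shown in this thread, and the sample report is constructed for the example. It is a first pass only: a "File not found" service left behind by an uninstall is clutter rather than infection, and entries whose file is still present (the BitDefender leftovers Starbuck listed) still need an analyst's judgment.

```python
import re

# Constructed sample of OTL report lines in the formats seen in this thread
# (a few orphaned entries, one AutoRun hook and some clean entries; not a full report).
SAMPLE_OTL_REPORT = r"""
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Vendor)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
IE - HKCU\..\URLSearchHook: {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - No CLSID value found
O33 - MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
"""

# OTL's own wording for an entry whose target no longer exists.
ORPHAN_FILE = re.compile(r"\bFile not found\.?\s*$")
ORPHAN_CLSID = re.compile(r"\bNo CLSID value found\.?\s*$")
# Explorer's per-volume AutoRun hook for removable media (the D:\setup.exe entry above).
AUTORUN_HOOK = re.compile(r"^O33 - MountPoints2\\\{[0-9A-Fa-f-]+\}\\Shell\b")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def classify(line):
    """Return (reason, line) if the OTL line is a fix candidate, else None."""
    line = line.strip()
    if not line:
        return None
    if ORPHAN_FILE.search(line):
        return ("orphan: referenced file is missing", line)
    if ORPHAN_CLSID.search(line):
        return ("orphan: CLSID is not registered", line)
    if AUTORUN_HOOK.match(line):
        return ("removable-media AutoRun hook", line)
    return None  # target resolves: leave it for manual review


def triage(report):
    """Run classify() over a whole OTL report and keep the hits in report order."""
    return [hit for hit in (classify(raw) for raw in report.splitlines()) if hit]


def referenced_guids(hits):
    """Lower-cased, de-duplicated CLSIDs / volume GUIDs named by the hits."""
    return sorted({g.lower() for _, line in hits for g in GUID.findall(line)})


def build_otl_fix(hits, reset_hosts=True):
    """Render the hits as an OTL fix script: a :OTL section followed by :Commands."""
    lines = [":OTL"] + [line for _, line in hits] + [":Commands", "[emptytemp]"]
    if reset_hosts:
        lines.append("[resethosts]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_REPORT)
    for reason, line in found:
        print(f"{reason:40} {line}")
    print(build_otl_fix(found))
```

Run it as a script to see the six candidates from the sample and the generated fix, or import it and pass the text of a full OTL.txt to triage(). The GUID list is handy for a second look at HKCR\CLSID before anything is removed.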
jontye (Author) Posted January 12, 2014

Starbuck,
Reports for step 1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista Home Basic x86
Ran by John on 12/01/2014 at 13:34:07.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3281675
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282137
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{61509235-227D-440B-A45D-9FF2B1A589DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2EE1C64-67B8-40D7-916C-C133CA2F6983}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3E72EF0-0489-4E51-80A7-C41D6C3EECBC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\nosibay"
Successfully deleted: [Folder] "C:\Users\John\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\John\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\John\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\nosibay"
Successfully deleted: [Folder] "C:\Program Files\search guard plus"
Successfully deleted: [Folder] "C:\Program Files\search guard plusu"
Successfully deleted: [Folder] "C:\Program Files\sgpsa"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\microsoft\windows\start menu\programs\pc cleaners"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2014 at 13:37:21.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.016 - Report created 12/01/2014 at 13:48:34
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVI02XPO\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\John\AppData\Local\PackageAware
Folder Deleted : C:\Users\John\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [bubbledock@nosibay.com]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}]
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SGPUpdater
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://mystart.incredimail.com/site/");
Line Deleted : user_pref("keyword.URL", "hxxp://mystart.incredimail.com/site/?loc=ff_address_bar&search=");

-\\ Google Chrome v

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3269 octets] - [12/01/2014 13:47:29]
AdwCleaner[S0].txt - [3252 octets] - [12/01/2014 13:48:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3312 octets] ##########
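The AdwCleaner report above shows what a search hijacker leaves in a Firefox profile: prefs.js lines that replace the default engine with "MyStart Search" and point the homepage and keyword.URL at mystart.incredimail.com, plus a user.js (which uses the same user_pref syntax and re-applies its settings on every start) and a MyStart Search.xml search plugin. The script below is an added example, not from the thread and not AdwCleaner's code, that parses user_pref lines from a prefs.js or user.js fragment and flags homepage and search settings that point outside an allow-list. The allow-lists and the prefs.js fragment are assumptions constructed for the example; the hxxp defanging AdwCleaner applies in its report is undone before the host is compared.

```python
import re
from urllib.parse import urlparse

# Constructed prefs.js fragment modelled on the "Line Deleted" entries in the
# AdwCleaner report above; the hxxp defanging is kept as it appears in that report.
SAMPLE_PREFS_JS = r'''
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.startup.homepage", "hxxp://mystart.incredimail.com/site/");
user_pref("keyword.URL", "hxxp://mystart.incredimail.com/site/?loc=ff_address_bar&search=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("extensions.enabledItems", "en-GB@dictionaries.addons.mozilla.org:1.19");
'''

# Preferences a search/homepage hijacker typically rewrites.
URL_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.search.defaulturl"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Assumed allow-lists for the example; a real check uses the user's own choices.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Yahoo"}

# One string-valued user_pref("name", "value"); line, allowing escaped quotes in the value.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every string-valued user_pref line (prefs.js or user.js)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def refang(url):
    """Undo the hxxp:// defanging AdwCleaner applies to URLs in its report."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def audit_prefs(prefs):
    """Return [(name, value, reason)] for settings that point somewhere unexpected."""
    findings = []
    for name, value in prefs.items():
        if name in URL_PREFS:
            if value.startswith("about:"):
                continue  # built-in pages such as about:home are fine
            host = urlparse(refang(value)).hostname or ""
            if host not in ALLOWED_HOSTS:
                findings.append((name, value, f"points at unexpected host {host!r}"))
        elif name in ENGINE_PREFS and value not in ALLOWED_ENGINES:
            findings.append((name, value, "default search engine is not a known engine"))
    return findings


if __name__ == "__main__":
    for name, value, reason in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{name}: {reason}\n    {value}")
```

On the sample it reports the three settings AdwCleaner deleted and leaves the Google engine and the dictionary extension alone. Pointing it at a live profile's user.js is worth doing as well as prefs.js, because a user.js left behind silently restores the hijacked values after prefs.js has been cleaned.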
Starbuck (ExTS Admin) Posted January 12, 2014

Hi jontye

Thanks for those reports.
Please post:
OTL fix report
2 fresh OTL reports.
when you have finished them.

Thanks

Member of: UNITE
jontye (Author) Posted January 12, 2014

Second attempt to send results of step 2.

All processes killed
========== OTL ==========
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File System32\Drivers\usbaapl.sys File not found not found.
Service PID_PEPI stopped successfully!
Service PID_PEPI deleted successfully!
File system32\DRIVERS\LV302V32.SYS File not found not found.
Service PID_08A0 stopped successfully!
Service PID_08A0 deleted successfully!
File system32\DRIVERS\LV302AV.SYS File not found not found.
Service pepifilter stopped successfully!
Service pepifilter deleted successfully!
File system32\DRIVERS\lv302af.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found.
Service LVUVC stopped successfully!
Service LVUVC deleted successfully!
File system32\DRIVERS\lvuvc.sys File not found not found.
Service LVUSBSta stopped successfully!
Service LVUSBSta deleted successfully!
File system32\drivers\LVUSBSta.sys File not found not found.
Service LVRS stopped successfully!
Service LVRS deleted successfully!
File system32\DRIVERS\lvrs.sys File not found not found.
Service lvpopflt stopped successfully!
Service lvpopflt deleted successfully!
File system32\DRIVERS\lvpopflt.sys File not found not found.
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service HTCAND32 stopped successfully!
Service HTCAND32 deleted successfully!
File System32\Drivers\ANDROIDUSB.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Service bdselfpr stopped successfully!
Service bdselfpr deleted successfully!
File File not found not found.
Error: Unable to stop service avchv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avchv deleted successfully.
C:\Windows\System32\drivers\avchv.sys moved successfully.
Service avckf stopped successfully!
Service avckf deleted successfully!
C:\Windows\System32\drivers\avckf.sys moved successfully.
Error: No service named avc3 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avc3 deleted successfully.
C:\Windows\System32\drivers\avc3.sys moved successfully.
Service bdfsfltr stopped successfully!
Service bdfsfltr deleted successfully!
C:\Windows\System32\drivers\bdfsfltr.sys moved successfully.
Service trufos stopped successfully!
Service trufos deleted successfully!
C:\Windows\System32\drivers\trufos.sys moved successfully.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
C:\Windows\System32\drivers\Lbd.sys moved successfully.
Service Bdvedisk stopped successfully!
Service Bdvedisk deleted successfully!
C:\Windows\System32\drivers\bdvedisk.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EaseUS EPM tray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{77BF5300-1474-4EC7-9980-D32B190E9B07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77BF5300-1474-4EC7-9980-D32B190E9B07}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com\kb2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ deleted successfully.
Invalid CLSID key: *.broadband
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ not found.
Invalid CLSID key: *.broadband
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ba63cf-0338-11de-8daa-a1a64b243bad}\ not found.
File D:\setup.exe AUTORUN=1 not found.
C:\ProgramData\1331818096.2536.bin moved successfully.
C:\ProgramData\1331818096.3632.bin moved successfully.
C:\ProgramData\1331818096.3036.bin moved successfully.
C:\ProgramData\1331818096.3832.bin moved successfully.
C:\ProgramData\1331817154.bdinstall.bin moved successfully.
C:\ProgramData\1331817140.bdinstall.bin moved successfully.
C:\ProgramData\1331817105.bdinstall.bin moved successfully.
C:\ProgramData\1331816851.bdinstall.bin moved successfully.
C:\ProgramData\1331803562.bdinstall.bin moved successfully.
C:\ProgramData\1331770228.2760.bin moved successfully.
C:\ProgramData\1331770203.2288.bin moved successfully.
C:\ProgramData\1331770109.1340.bin moved successfully.
C:\ProgramData\1331770006.3224.bin moved successfully.
C:\ProgramData\1331769951.1308.bin moved successfully.
C:\ProgramData\1331769867.3692.bin moved successfully.
C:\ProgramData\1331769706.bdinstall.bin moved successfully.
C:\ProgramData\1331754741.bdinstall.bin moved successfully.
Folder C:\Users\John\AppData\Roaming\DriverCure\ not found.
Folder C:\Users\John\AppData\Roaming\ParetoLogic\ not found.
Folder C:\ProgramData\ParetoLogic\ not found.
C:\Users\John\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\3da0dab0-1a5e-4d20-aee8-7662e922bcc8 folder moved successfully.
C:\Users\John\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\2ab858ed-450b-4bb6-b67c-8e3c45ec13ac folder moved successfully.
C:\Users\John\AppData\Roaming\BitDefender\Desktop\Profiles\Logs folder moved successfully.
C:\Users\John\AppData\Roaming\BitDefender\Desktop\Profiles\LGKC folder moved successfully.
C:\Users\John\AppData\Roaming\BitDefender\Desktop\Profiles folder moved successfully.
C:\Users\John\AppData\Roaming\BitDefender\Desktop folder moved successfully.
C:\Users\John\AppData\Roaming\BitDefender folder moved successfully.
C:\Windows\System32\獷楬汢捯污 moved successfully.
File C:\Windows\System32\獷楬汢捯污 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: ASPNET
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Guest
->Temp folder emptied: 388687 bytes
->Temporary Internet Files folder emptied: 66340 bytes
User: John
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 96416510 bytes
->Java cache emptied: 7639819 bytes
->FireFox cache emptied: 59302024 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 997 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 551429 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45766 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 157.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 01122014_175643
Files\Folders moved on Reboot...
File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(68)\Content.IE5\MBWMUNG2\32dpn.ver.72.app.3ie33cpgj6dhi.ver.42.app.62dhh6thj8cb3.ver.31.app.66c9i6pj32d33.ver.13.app.68c34chgjadj1.ver.6.app.68ohh6com6c1h.ver.8.app.6cdj26sq3cdb6.ver[1].8 not found!
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMGM4710\like[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMGM4710\poweredby[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMGM4710\xd_arbiter[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMGM4710\xd_arbiter[2].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRIFJ5L\hub[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRIFJ5L\tweet_button.1387492107[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4TKER1AG\page4[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4TKER1AG\pinit017[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\22O6WX9H\DXI1ORHCpsQm3Vp6mXoaTYM1ygXM8I716iU3CHRQUAk[1].eot moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\22O6WX9H\hub[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\22O6WX9H\MTP_ySUJH_bn48VBG8sNSoM1ygXM8I716iU3CHRQUAk[1].eot moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\22O6WX9H\RjgO7rYTmqiVp7vzi-Q5UfY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\22O6WX9H\sh142[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
jontye (Author) Posted January 12, 2014

Starbuck, OTL.TXT result:

OTL logfile created on: 12/01/2014 18:11:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.40% Memory free
4.22 Gb Paging File | 3.43 Gb Available in Paging File | 81.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 702.51 Gb Total Space | 670.04 Gb Free Space | 95.38% Space Free | Partition Type: NTFS
Drive F: | 223.63 Gb Total Space | 223.53 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Support\couponsupport.exe ()
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (pcCMService) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (stppp) -- C:\Windows\System32\drivers\stppp.sys (THOMSON Telecom Belgium)
DRV - (ST330) -- C:\Windows\System32\drivers\st330.sys (THOMSON Telecom Belgium)
DRV - (STBUS) -- C:\Windows\System32\drivers\stbus.sys (THOMSON Telecom Belgium)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fishingwithstyle.co.uk/NCS%20Flies/NCS130205/Orl%20Fly%20Turton%201836%202.JPG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{1CD8BC16-DC6F-4C72-90EA-8225E532C3D0}: "URL" = http://search.orange.co.uk/all?brand=ouk&p=_searchbox&pt=iecd&tab=web&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{7E91DF63-DF97-46CB-9C56-D410C1003928}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common
Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2008/09/07 10:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions [2014/01/12 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\extensions [2008/05/25 16:05:33 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\extensions\en-GB@dictionaries.addons.mozilla.org [2014/01/12 13:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vt7g8ftd.default\extensions\staged ========== Chrome ========== CHR - homepage: http://www.google.com CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamkofkinkpkbehlcnejljdoddjkmmmd\1.1\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hecgaagphfglfafllaigbknfblfhbbni\1.1\ CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2014/01/12 17:59:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6288F38A-57F9-4433-8790-2EED6B10991B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B7683A1-5C4C-435E-86CB-793465AF67CB}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\John\Pictures\P1070213.JPG O24 - Desktop BackupWallPaper: C:\Users\John\Pictures\P1070213.JPG O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/01/12 14:05:48 | 000,000,000 | ---D | C] -- C:\_OTL [2014/01/12 13:47:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/01/12 13:34:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/01/12 13:15:29 | 000,000,000 | ---D | C] -- C:\Support [2014/01/12 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ShoppingChip [2014/01/12 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\92b0c55cfad394f4 [2014/01/12 13:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingChip [2014/01/12 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Comodo [2014/01/10 19:53:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe [2014/01/10 19:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2014/01/10 18:33:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft 
Corporation [2014/01/09 22:34:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\MigWiz [2014/01/08 23:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2014/01/08 20:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014/01/08 20:17:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2014/01/08 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2014/01/08 20:14:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\mbam-setup-1.75.0.1300.exe [2014/01/07 15:03:39 | 006,252,752 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe [2014/01/06 15:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS [2014/01/06 15:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter [2014/01/05 16:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2014/01/05 15:30:44 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013/12/30 14:47:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\JAM Software [2013/12/26 16:09:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/12/26 16:09:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/12/26 16:09:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/12/26 16:09:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/12/26 16:09:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/12/26 16:09:10 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/12/26 16:09:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/12/26 16:09:03 | 001,427,968 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/12/26 16:08:04 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll [2013/12/26 16:08:04 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys [2013/12/26 16:08:04 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys [2013/12/26 16:08:01 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/12/26 16:07:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2013/12/26 16:07:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll ========== Files - Modified Within 30 Days ========== [2014/01/12 18:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/12 18:00:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/12 18:00:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/12 18:00:46 | 000,000,354 | -H-- | M] () -- C:\Windows\tasks\couponsupport-S-649636217.job [2014/01/12 18:00:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2014/01/12 18:00:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/12 17:59:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2014/01/12 13:15:04 | 000,001,666 | ---- | M] () -- C:\Windows\System32\${LOGFILE} [2014/01/11 17:30:31 | 000,638,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/01/11 17:30:31 | 000,121,042 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/01/10 19:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe [2014/01/10 19:04:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2014/01/10 16:16:28 | 000,252,664 | ---- | M] () -- 
C:\Windows\System32\FNTCACHE.DAT [2014/01/09 23:29:57 | 000,001,661 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Update.lnk [2014/01/08 20:17:56 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/01/08 20:14:39 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\mbam-setup-1.75.0.1300.exe [2014/01/07 20:08:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014/01/07 20:08:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014/01/07 15:03:05 | 006,252,752 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe ========== Files Created - No Company Name ========== [2014/01/12 13:15:30 | 000,000,354 | -H-- | C] () -- C:\Windows\tasks\couponsupport-S-649636217.job [2014/01/12 13:14:18 | 000,001,666 | ---- | C] () -- C:\Windows\System32\${LOGFILE} [2014/01/10 19:04:03 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2014/01/10 16:16:05 | 000,252,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2014/01/09 23:29:57 | 000,001,661 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Update.lnk [2014/01/08 20:17:56 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/01/07 19:11:26 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014/01/05 15:36:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/06/28 15:02:26 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum [2013/06/26 19:20:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum [2013/06/26 19:19:53 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum [2012/02/26 14:08:57 | 000,001,515 | ---- | C] () 
-- C:\ProgramData\search_result.xml [2012/01/25 19:51:03 | 000,014,848 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011/03/14 17:26:35 | 000,258,403 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011/03/14 16:18:24 | 000,001,356 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat [2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2009/10/12 13:18:26 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss [2008/12/21 13:31:21 | 008,320,474 | ---- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png [2008/09/01 21:30:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both < End of report > Quote
jontye Posted January 12, 2014 Author Posted January 12, 2014 Starbuck, OTL. Extras TxT report, OTL Extras logfile created on: 12/01/2014 18:11:32 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.40% Memory free 4.22 Gb Paging File | 3.43 Gb Available in Paging File | 81.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 702.51 Gb Total Space | 670.04 Gb Free Space | 95.38% Space Free | Partition Type: NTFS Drive F: | 223.63 Gb Total Space | 223.53 Gb Free Space | 99.95% Space Free | Partition Type: NTFS Computer Name: JOHN-PC | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06B5D3CE-55AF-4631-AE30-77B21671703C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1044F41E-0765-4ADD-9584-5E4ACF322FBC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{27112E08-235A-498D-AEC5-639C5843B1F6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{45D4556B-66EB-4FFE-9830-2B5D7A484905}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7F2AEA2C-B6D4-46CF-A860-3A8562AEDCC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A65216EF-86A6-44CB-900C-FD7BA7BEC996}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B191512B-C785-45E7-B29C-991265AFDBD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5E8832A-EEC4-4A58-BC4C-7FD218814B16}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E7C6BD71-C7EC-4B83-B00D-FEFAD6D165FC}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E5C9197-F581-4AE8-96A4-16C3C8ED1C2F}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "{40D0753F-F61F-49BE-B152-7AA9F4C42348}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4C98F4EB-FA1D-4311-881C-C5DF3F39A86D}" = protocol=17 | dir=in 
| app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{6B2F301F-2A6A-4FCE-8B30-96CF5E8F0DB8}" = protocol=6 | dir=in | app=e:\sthiwv\stinstall.exe | "{6DF54D84-984B-433A-82E3-D5881E7C2E3B}" = protocol=17 | dir=in | app=e:\sthiwv\stinstall.exe | "{C27D79AF-A690-4CD3-8B40-64B8D100AB5C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{CD153217-B1C6-453F-8079-B52122680770}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | "{E75E21DB-7010-47E4-B235-DEC29BC4B51E}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | "{EF5AE8D8-ED46-4F00-A297-174A40474E18}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{F12A6BCC-DF02-4C91-90B1-DBA1B7CA950C}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{F31C666F-0E77-4719-A662-99434914E078}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "TCP Query User{5E5BCD2B-248A-4A8B-AE21-8896D784CF8B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{A2DDA8D7-7D29-4A58-9FCB-CDA835E13477}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{B45D264B-1486-4F0F-A84F-C7B5D89CD4D9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{D33D50B9-8C77-4D3E-8477-6A829211FFB1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D8C42A85-C3F6-41B7-B185-E16291E347A9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{2BB60A59-1578-4AA2-9ADF-367A8A0F97EF}C:\program 
files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{3F6D457F-8BC9-447E-8BB3-346E972F34C8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{49047279-96B8-44A3-911A-61D12CF2601D}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{AA71A4B2-EE19-4FD6-9235-01BA6C71C812}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{B8973569-FA50-47B9-8C77-1A2EDD9C73B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 P****r and SDK "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "BT Desktop Help" = BT Desktop Help "BTHomeHub" = BTHomeHub "cayahooantispy" = CA Yahoo! 
Anti-Spy (remove only) "CCleaner" = CCleaner "HDMI" = Intel® Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "PrintMaster Gold 3.00" = PrintMaster Gold 3.00 "S-649636217" = CouponSupport "SMSERIAL" = Motorola SM56 Speakerphone Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/01/2014 14:03:30 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 12/01/2014 14:03:30 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 12/01/2014 14:03:30 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 12/01/2014 14:03:30 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546. 
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

[ System Events ]
Error - 12/01/2014 09:38:15 | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1613.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0xc8000222 Error description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port.
Error - 12/01/2014 09:52:12 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 12/01/2014 10:01:19 | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1613.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0xc8000222 Error description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port.
Error - 12/01/2014 12:20:26 | Computer Name = John-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 16:05:36 on 12/01/2014 was unexpected.
Error - 12/01/2014 12:21:39 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 12/01/2014 13:50:51 | Computer Name = John-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 17:07:03 on 12/01/2014 was unexpected.
Error - 12/01/2014 13:51:08 | Computer Name = John-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description =
Error - 12/01/2014 13:52:18 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.1613.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0xc8000222 Error description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port.

< End of report >
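The OTL error section pasted above is one event per "Error -" entry, and the same ESENT entry recurs several times. As an added example (not part of the thread and not OTL's own code), the script below parses entries in that format into objects, counts recurrences, and maps the (Source, ID) pairs that appear in this log to what each indicates. The sample entries are a constructed subset of the ones in the post; the meanings table is my own summary of those event types, not something OTL emits.

```powershell
# Added example (not from the thread or the OTL tool): parse OTL-style
# "Error - date time | Computer Name = X | Source = Y | ID = N Description = ..."
# entries into objects and summarise which errors recur.

# Constructed sample: a subset of the entries pasted in the thread, one per line.
$otlErrors = @'
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 12/01/2014 09:38:15 | Computer Name = John-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. Error code: 0xc8000222
Error - 12/01/2014 12:20:26 | Computer Name = John-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 16:05:36 on 12/01/2014 was unexpected.
Error - 12/01/2014 09:52:12 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026 Description =
'@

function ConvertFrom-OtlError {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        # Fields are pipe-separated; Description is whatever follows "Description =" (may be empty).
        $pattern = '^Error - (?<When>\S+ \S+) \| Computer Name = (?<Computer>[^|]+?) \| Source = (?<Source>[^|]+?) \| ID = (?<Id>\d+) Description = ?(?<Description>.*)$'
        if ($Line -match $pattern) {
            [pscustomobject]@{
                When        = $Matches.When
                Computer    = $Matches.Computer
                Source      = $Matches.Source
                Id          = [int]$Matches.Id
                Description = $Matches.Description.Trim()
            }
        }
    }
}

# (Source, ID) pairs present in the thread's log and what each one indicates.
$known = @{
    'ESENT/412'                    = 'Windows Update datastore (SUS20ClientDataStore) could not read the edb.log header; the datastore log is unusable.'
    'Microsoft Antimalware/2001'   = 'Windows Defender signature update failed (error 0xc8000222 in this log).'
    'EventLog/6008'                = 'Unexpected shutdown: the machine lost power or crashed.'
    'Service Control Manager/7026' = 'A boot-start or system-start driver failed to load (driver name missing in this export).'
}

$events = $otlErrors -split "`r?`n" | ConvertFrom-OtlError

# Group recurring errors so the repeated ESENT entries become one line with a count.
$events | Group-Object Source, Id | ForEach-Object {
    $first   = $_.Group[0]
    $key     = '{0}/{1}' -f $first.Source, $first.Id
    $meaning = 'not classified'
    if ($known.ContainsKey($key)) { $meaning = $known[$key] }
    [pscustomobject]@{
        Count   = $_.Count
        Source  = $first.Source
        Id      = $first.Id
        Meaning = $meaning
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize -Wrap
```

Pasting a full OTL error section into the here-string instead of the sample gives a one-screen triage table: the most frequent entry is usually the one worth fixing first, which in this thread was the ESENT 412 error behind the broken Windows Update.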
ExTS Admin Starbuck Posted January 13, 2014

Hi jontye

Can you please explain where these came from :confused:

[2014/01/12 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ShoppingChip
[2014/01/12 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\92b0c55cfad394f4
[2014/01/12 13:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingChip
[2014/01/12 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Comodo

Seems there may be problems with your Windows Updates:
Please go Here
Scroll down to the Windows Vista and Windows XP Fix It section and click on Run Now.
Follow any prompts.

Member of:UNITE
jontye Posted January 14, 2014 (Author)

Hi Starbuck,

This pile of junk popped up and installed themselves when I shut down the protective software in between downloading and running the 'Junkware Removal Tool'. I stopped the JRT, switched on the protective software then ran the JRT again. Then I checked through programmes & files, found the items and uninstalled / deleted them; I think I got rid of all of them.

I've not been able to use Windows Update since I changed the hard disc. I've tried several solutions: stopping & starting the auto updates, restarting my laptop. Just ran the MS FIX IT, problem not fixed; on the log all the items were fixed apart from 'Problems Installing Recent Updates ........ Not Fixed'. Windows Update still not working. Message says 'unable to check for updates because service is not running - restart computer'.

Windows Update (Fix It report)

Issues found:
Some security settings are missing or have been changed - Fixed (Reset security settings)
Check for missing or corrupt files - Fixed (Repair missing or corrupt files)
Service registration is missing or corrupt - Fixed (Reset service registration)
Problems installing recent updates - Fixed (Repair Windows Update)
Corrupt Patch Registry keys (detects corrupt or missing patch cache) - Fixed (Fixing patch registry problems)

Issues checked:
Windows Update environment variables are incorrect - Checked
Windows Update error None - Checked
Windows Update services are not running - Checked
Cryptographic service components are not registered - Checked

Detection details (Service Status):
Computer Name: JOHN-PC
Windows Version: 6.0
Architecture: x86
Time: 1/13/2014 11:09:57 PM

Publisher details:
Package Version: 8.1.2.20131119
Publisher: Microsoft Corporation

Just
ExTS Admin Starbuck Posted January 14, 2014

Hi jontye

Let's check that you have the latest version of the Windows Update Agent.

You may need to show Hidden files:
Click on Start ... Control Panel
Click on the Appearance and Personalization link.
Click on Folder Options.
Click on the View tab.
Then under Hidden Files and Folders ..... make sure there's a tick against Show hidden files and folders.
Then click Apply and then Ok.
Just reverse this process to hide them again when finished.

Click Start >> Computer >> C drive >> Windows >> System32
Then right-click Wuaueng.dll, and then click Properties.
Click the Details tab, and then locate the file version number.
The latest version of the Windows Update Agent for Windows Vista and Windows XP is 7.6.7600.256.

Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

There is a manual fix for this, but I would have assumed that the M$ Fixit program would have done it already. But let's check anyway.
Click Start >> Computer >> C drive >> Windows >> SoftwareDistribution >> DataStore >> Logs
Delete the edb.log file (if you're not seeing the .log part, then delete the file that simply says edb).
Restart your computer and try running the Windows Update Utility again.

Have you tried to manually download the updates? It's worth trying this to find out if that works or not.
Click Start >> All Programs >> Windows Update
When the page opens, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
If any updates are found, click Install updates.

Member of:UNITE
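The two manual checks in the post above (the wuaueng.dll version against 7.6.7600.256, and clearing the edb.log that the ESENT 412 error points at) can be done from an elevated PowerShell prompt. This is an added example, not the poster's procedure or a Microsoft tool; it uses the file paths and the agent version named in the post, and it assumes the Windows Update service (wuauserv) holds edb.log open, which is why it stops the service first. It renames the log with a timestamp rather than deleting it, my own conservative variant of the deletion step, so the file can be put back if needed.

```powershell
# Added example (not from the thread): automate the two checks in the post above.
# Assumes the default paths quoted in the thread; run in an elevated PowerShell.

$expectedAgent = New-Object version '7.6.7600.256'   # latest WUA version named in the post
$wuaueng       = Join-Path $env:SystemRoot 'System32\wuaueng.dll'
$edbLog        = Join-Path $env:SystemRoot 'SoftwareDistribution\DataStore\Logs\edb.log'

function Test-WindowsUpdateAgent {
    param([string]$Path = $wuaueng, [version]$Expected = $expectedAgent)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }
    # Build the version from the numeric parts; the FileVersion string can carry extra text.
    $vi     = (Get-Item -LiteralPath $Path).VersionInfo
    $actual = New-Object version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    [pscustomobject]@{
        Path     = $Path
        Actual   = $actual
        Expected = $Expected
        UpToDate = ($actual -ge $Expected)
    }
}

function Reset-WindowsUpdateLog {
    param([string]$Path = $edbLog)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "Nothing to do: $Path is not present"
        return
    }
    # wuauserv keeps edb.log open while running; stop it or the rename fails with a sharing violation.
    Stop-Service -Name wuauserv -Force
    try {
        $backupName = '{0}.{1}.bak' -f (Split-Path -Leaf $Path), (Get-Date -Format 'yyyyMMdd-HHmmss')
        Rename-Item -LiteralPath $Path -NewName $backupName
        Write-Output "Moved edb.log to $backupName; Windows Update creates a fresh log on its next check."
    }
    finally {
        Start-Service -Name wuauserv
    }
}

Test-WindowsUpdateAgent | Format-List
# Reset-WindowsUpdateLog   # run only after seeing the ESENT 412 / Error -546 entry in the log
```

Run the version check first; if UpToDate is False, a newer agent is the fix rather than the log reset, and the log reset is left commented out so it is a deliberate second step.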
jontye Posted January 15, 2014 (Author)

Starbuck,

Another problem bites the dust. Windows Update now working fine, thank you very much for your time and knowledge. I had tried to open Windows Update manually, as well as the automatic system, several times without success. I also reversed the 'hidden files & folders' action.

The highlighted section 'Unable to read the header of logfile', in your last message, is that just an example or are you asking me for some information regarding the header?

Are there many more security issues to deal with?

Regards Jontye.
ExTS Admin Starbuck Posted January 16, 2014

Hi jontye

> Another problem bites the dust, Windows Update now working fine,

That's good to hear.

> The highlighted section 'Unable to read the header of logfile', in your last message, is that just an example or are you asking me for some information regarding the header?

I took that section from the Error log in the last OTL report:

Error - 12/01/2014 14:10:34 | Computer Name = John-PC | Source = ESENT | ID = 412 Description = wuaueng.dll (1152) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

That was the reason for the manual fixes in my previous post.

> Are there many more security issues to deal with?

We'll just get rid of those lines I mentioned in the earlier report:

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)

:otl
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
[2014/01/12 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ShoppingChip
[2014/01/12 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\92b0c55cfad394f4
[2014/01/12 13:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingChip
[2014/01/12 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Comodo
[2014/01/12 13:15:30 | 000,000,354 | -H-- | C] () -- C:\Windows\tasks\couponsupport-S-649636217.job
:commands
[emptytemp]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Thanks

Member of:UNITE
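After an OTL fix like the one above, it is worth confirming that the listed items are actually gone before calling the machine clean. The script below is an added example, not part of the thread or of OTL: it is a read-only check that only reports presence and removes nothing. The folder paths, the scheduled-task file and the two URLSearchHook CLSIDs are taken from the fix script in the post; the full registry key for IE URLSearchHooks and the OTL MovedFiles folder are my additions.

```powershell
# Added example (not from the thread or OTL): read-only verification that the items
# named in the OTL fix script are gone. Nothing here deletes or modifies anything.

# Items copied from the fix script in the post above.
$paths = @(
    'C:\ProgramData\ShoppingChip',
    'C:\ProgramData\92b0c55cfad394f4',
    'C:\Program Files\ShoppingChip',
    'C:\Users\John\AppData\Local\Comodo',
    'C:\Windows\tasks\couponsupport-S-649636217.job'
)
$hookClsids = @(
    '{4FBACD73-F67C-42AE-B46A-03960AFE3DFB}',
    '{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}'
)
# Full key behind OTL's "HKCU\..\URLSearchHook" shorthand (my addition, not from the post).
$hookKey    = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
$movedFiles = 'C:\_OTL\MovedFiles'   # where OTL keeps what it removed, per the post

function Test-FixResidue {
    $results = @()
    foreach ($p in $paths) {
        $results += [pscustomobject]@{
            Item    = $p
            Kind    = 'File/Folder'
            Present = (Test-Path -LiteralPath $p)
        }
    }
    if (Test-Path -LiteralPath $hookKey) {
        # Each URLSearchHook is a value whose name is the CLSID; read the names, not the data.
        $valueNames = (Get-Item -LiteralPath $hookKey).GetValueNames()
        foreach ($c in $hookClsids) {
            $results += [pscustomobject]@{
                Item    = $c
                Kind    = 'URLSearchHook'
                Present = ($valueNames -contains $c)
            }
        }
    }
    $results
}

$residue = Test-FixResidue
$residue | Format-Table -AutoSize

if ($residue | Where-Object { $_.Present }) {
    Write-Output 'Some listed items are still present; post the OTL fix log rather than assuming the fix ran.'
} else {
    Write-Output 'All listed items are gone.'
}
if (Test-Path -LiteralPath $movedFiles) {
    Write-Output "OTL quarantine folder exists: $movedFiles"
}
```

GetValueNames() is used rather than Get-ItemProperty so that CLSID names containing braces are compared as plain strings; -contains is case-insensitive, which matters because the second CLSID in the post is lower-case.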