pitfall
Posted January 12, 2014

Could you please take a look at these logs and tell me if I need to do anything else, please? I did run SAS a few times and Avira, but until I ran Malwarebytes, Avira didn't show yesterday's baddies?

........................

Malwarebytes log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.11.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
the boss :: FRONTROOM [administrator]

11/01/2014 21:57:11
mbam-log-2014-01-11 (21-57-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343704
Time elapsed: 3 hour(s), 29 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000077.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000079.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000080.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000081.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000082.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000103.dll (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000104.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.

(end)

.......................

OTL logfile created on: 12/01/2014 02:44:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\the boss\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

989.48 Mb Total Physical Memory | 666.61 Mb Available Physical Memory | 67.37% Memory free
1.21 Gb Paging File | 0.75 Gb Available in Paging File | 61.96% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.11 Gb Total Space | 15.16 Gb Free Space | 45.78% Space Free | Partition Type: NTFS

Computer Name: FRONTROOM | User Name: the boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\the boss\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
PRC - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
PRC - C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
MOD - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
MOD - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
MOD - C:\Program Files\BroadJump\Client Foundation\TimerManager.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\AppProperties.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\Marshaller.dll ()
MOD - C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll ()
MOD - C:\Program Files\BroadJump\Client Foundation\BJComRT.dll ()
MOD - C:\WINDOWS\system32\stlport_4_0_0_DDR.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (FspadSvc) -- C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found
DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found
DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found
DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found
DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (fspad) -- C:\WINDOWS\system32\drivers\fspad.sys (Asia Vital Components Co.,Ltd.)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\incdrec.sys (Ahead Software AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\incdpass.sys (Ahead Software)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\incdfs.sys ()
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys (Logitech Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1AB9E258-1622-499D-9B70-E06C8CCB79C6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{6638B77B-D0DF-461F-9133-220D6020A463}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9D9EFC7F-8E7D-4CF9-80C4-ECEB6B6FD37F}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{BF1521BC-70FF-4303-9EC1-21ACA993D9BD}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{C60EBE12-0A1D-4B8B-82D6-5CFD294BE6C7}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{DBF4149D-43D5-4B05-A96F-6B51870D738F}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{25E0768B-6F96-40D2-9DA9-79C70260C4B8}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{5F73C9FE-755D-49CD-8C8B-034C82732AB3}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{A4002216-F71B-4F3E-854B-03A3FA149AB0}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{B909E871-1F49-4D21-AEB2-98823825B616}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C02A4BE6-7476-4A95-B030-419A9F09FBEB}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC0D0CF2-665C-4255-BE0C-1BBC2B661B79}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{ED5D69C1-8340-438F-A1BD-75E72A38D2B0}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

[2013/12/10 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtD0CtDzy0F0EtAyB0FtDtAtC0F0ByEtN0D0Tzu0SyByEtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1916909073&ir=
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0\
CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/04 01:30:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342012978515 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543330AD-2D59-4599-BF95-E62FDE47BA3E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/09 17:51:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^wayne^Start Menu^Programs^Startup^wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/11 23:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2014/01/11 23:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/11 21:32:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\the boss\Recent
[2014/01/11 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Local Settings\Application Data\Meltytech
[2014/01/11 20:39:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\picvids
[2014/01/11 20:33:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\wayne music
[2014/01/11 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\to adust window up-dater (bits)
[2014/01/11 19:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\MOGS
[2014/01/11 19:14:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\my pictures 1
[2014/01/11 19:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\My Playlists
[2014/01/11 15:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2013-10-18, Grace
[2014/01/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2010 me
[2014/01/11 15:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\History
[2014/01/11 13:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\waynemorris112183024717
[2014/01/11 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\dogs2
[2014/01/11 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\pdf files
[2014/01/11 12:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr
[2014/01/10 00:16:18 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/01/09 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\DigitalSites
[2014/01/05 12:24:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/04 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/04 01:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/04 01:13:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/04 01:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/02 13:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/02 11:05:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/02 00:05:51 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/17 16:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com
[2013/12/15 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\Avira
[2013/12/14 23:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/12/13 03:25:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Repair
[2013/12/13 03:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013/12/13 03:12:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/12/13 03:12:08 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/12/13 03:12:08 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/13 03:12:08 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/12/13 03:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/12/13 03:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

========== Files - Modified Within 30 Days ==========

[2014/01/12 02:16:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/12 02:12:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/11 20:17:08 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf
[2014/01/11 20:15:32 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/11 13:54:50 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/11 12:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr
[2014/01/09 21:01:12 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT
[2014/01/09 21:01:11 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG
[2014/01/09 12:24:22 | 000,002,199 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf
[2014/01/04 01:30:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/26 20:29:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/12/22 12:46:18 | 001,028,034 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html
[2013/12/21 16:49:56 | 000,093,316 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf
[2013/12/18 02:19:12 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf
[2013/12/18 02:13:10 | 000,133,878 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf
[2013/12/16 12:22:16 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf
[2013/12/14 23:32:57 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/13 03:12:58 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2013/12/13 03:00:26 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/01/11 20:40:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\262.rtf
[2014/01/11 14:40:05 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf
[2014/01/11 14:39:47 | 005,742,396 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Macy Gray I Try.wma
[2014/01/11 14:39:28 | 003,174,852 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Hu_s_on_First.wmv
[2014/01/11 14:38:54 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\home swappers emails.rtf
[2014/01/11 14:38:20 | 000,007,117 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\how could you.rtf
[2014/01/11 14:37:06 | 001,028,034 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html
[2014/01/11 14:34:09 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\marxbrosvid.rtf
[2014/01/11 14:27:43 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.rtf
[2014/01/11 14:27:18 | 000,006,373 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\cameron.rtf
[2014/01/11 14:27:18 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\CARE HOME PETITION.rtf
[2014/01/11 14:27:14 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads obituary.rtf
[2014/01/11 14:27:14 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\appeal video.rtf
[2014/01/11 14:25:24 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Kasperksky.rtf
[2014/01/11 14:21:17 | 000,011,709 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\IDS at autswitch.rtf
[2014/01/11 14:18:57 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Mcv.rtf
[2014/01/11 14:14:14 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\council tax.rtf
[2014/01/11 14:13:46 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads family.rtf
[2014/01/11 14:13:09 | 000,010,783 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list1.rtf
[2014/01/11 14:13:09 | 000,006,067 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list.rtf
[2014/01/11 14:13:09 | 000,004,680 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list2.rtf
[2014/01/11 14:12:43 | 000,011,782 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Calum and peters list.rtf
[2014/01/11 14:12:03 | 000,011,867 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\blair.rtf
[2014/01/11 14:11:18 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf
[2014/01/11 14:10:40 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\100 tory **** ups.rtf
[2014/01/11 14:08:59 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mirosoft update fixer.rtf
[2014/01/11 14:07:06 | 000,093,316 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf
[2014/01/11 14:04:22 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mums obituary.rtf
[2014/01/11 14:04:22 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Nelson passed away.rtf
[2014/01/11 14:03:54 | 000,071,914 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\parliament.rtf
[2014/01/11 14:03:54 | 000,037,033 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\paedos.rtf
[2014/01/11 14:03:01 | 000,031,278 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\petes list.rtf
[2014/01/11 13:54:50 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/11 13:31:15 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\New Playlist.wpl
[2014/01/11 13:30:07 | 000,005,159 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Now Playing.wpl
[2014/01/11 13:30:07 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\HIS.wpl
[2014/01/11 13:30:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.wpl
[2014/01/11 13:30:07 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Untitled Playlist.wpl
[2014/01/11 13:14:37 | 000,069,897 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\0539c9a8-ed62-4af3-b0ff-f9b107d151cc_zpsec3eaa2f.jpg
[2014/01/09 21:01:12 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT
[2014/01/09 21:01:07 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG
[2014/01/09 13:31:27 | 000,006,008 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\the Mccann case.rtf
[2014/01/09 12:24:22 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf
[2014/01/04 01:13:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/01/04 01:13:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/26 20:29:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/12/18 02:19:12 | 000,001,313 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf
[2013/12/18 02:13:10 | 000,133,878 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf
[2013/12/14 23:32:57 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/13 03:12:58 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/09/27 10:01:09 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 10:51:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/23 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\wklnhst.dat
[2006/12/14 08:05:35 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

========== ZeroAccess Check ==========

[2005/09/09 17:56:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2007/07/11 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2007/07/12 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2013/03/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses [2006/04/08 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\******* [2008/10/30 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2014/01/11 10:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/01/09 21:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\DigitalSites [2012/05/24 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\ElevatedDiagnostics [2010/12/12 00:56:11 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Opera [2012/05/02 20:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Oracle [2005/09/09 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SampleView [2014/01/09 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SumatraPDF [2012/09/11 09:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Template [2009/12/29 05:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: FUJITSU MHT2040AT Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 33.00GB Starting Offset: 4449876480 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 4.00GB Starting Offset: 32256 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2005/09/09 17:51:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/04/16 15:47:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2006/12/12 21:24:45 | 000,033,553 | ---- | M] () -- C:\caavsetupLog.txt [2006/12/13 01:44:30 | 000,015,012 | ---- | M] () -- C:\caisslog.txt [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2014/01/04 01:35:38 | 000,010,929 | ---- | M] () -- C:\ComboFix.txt [2005/09/09 17:51:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2005/09/09 17:51:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/02/05 23:05:52 
| 000,001,647 | -H-- | M] () -- C:\IPH.PH [2005/09/12 17:45:51 | 000,000,021 | ---- | M] () -- C:\LOCAL [2010/05/02 12:50:14 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt [2005/09/12 17:45:51 | 000,000,021 | ---- | M] () -- C:\MINI [2005/09/09 17:51:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/08/23 11:27:08 | 000,250,048 | RHS- | M] () -- C:\ntldr [2014/01/12 02:11:35 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys [2009/03/27 22:27:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2009/03/28 13:08:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2009/03/28 14:37:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2009/03/29 16:37:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2009/05/14 17:45:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2009/05/15 21:10:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2009/05/21 02:36:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm [2009/05/24 10:40:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2009/05/24 10:42:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2009/06/02 00:07:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm [2009/06/02 23:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2009/06/03 00:10:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm [2009/06/15 03:54:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2009/03/27 22:27:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2009/03/28 13:08:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2009/03/28 14:37:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2009/03/29 16:37:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2009/05/14 17:45:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2009/05/15 21:10:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2009/05/21 02:36:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2009/05/24 10:40:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2009/05/24 
10:42:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2009/06/02 00:07:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2009/06/02 23:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2009/06/03 00:10:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2009/06/15 03:54:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2005/09/09 10:43:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005/09/09 10:43:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005/09/09 10:43:42 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/01/26 06:21:10 | 000,038,000 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" < hklm\software\clients\startmenuinternet|command /64 /rs > 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/01/26 06:20:26 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/01/26 06:21:10 | 000,038,000 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/10/29 06:15:36 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" < > [2005/09/09 17:38:39 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2005/09/09 17:54:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report > ............................. extra OTL Extras logfile created on: 12/01/2014 02:44:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\the boss\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 989.48 Mb Total Physical Memory | 666.61 Mb Available Physical Memory | 67.37% Memory free 1.21 Gb Paging File | 0.75 Gb Available in Paging File | 61.96% Paging File free Paging file location(s): C:\pagefile.sys 336 672 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.11 Gb Total Space | 15.16 Gb Free Space | 45.78% Space Free | Partition Type: NTFS Computer Name: FRONTROOM | User Name: the boss | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.) 
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.) 
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{373B90E1-A28C-434C-92B6-7281AFA6115A}" = WOT for Internet Explorer "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb" = CVE-2013-3893 "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works 
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = AVC Finger-sensing Pad Driver "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Avira AntiVir Desktop" = Avira Free Antivirus "BroadJump Client Foundation" = BroadJump Client Foundation "CCleaner" = CCleaner "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InCD!UninstallKey" = Ahead InCD "InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "NeroVision!UninstallKey" = Ahead NeroVision Express "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "SiS VGA Driver" = SiS VGA Utilities "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver "SpywareBlaster_is1" = SpywareBlaster 5.0 "StreetPlugin" = Learn2 Player (Uninstall Only) "SumatraPDF" = SumatraPDF 2.4 "VLC media player" = VLC media player 2.1.2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/12/2013 10:19:49 | Computer Name = FRONTROOM | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. 
Error - 12/12/2013 12:36:22 | Computer Name = FRONTROOM | Source = Application Hang | ID = 1002
Description = Hanging application helpctr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2013 12:44:55 | Computer Name = FRONTROOM | Source = Application Hang | ID = 1001
Description = Fault bucket 724433971.

Error - 12/12/2013 13:46:39 | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Baseline Security Analyzer 2.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 3, C:\Documents and Settings\wayne\Local Settings\Temporary Internet Files\Content.IE5\UL9F3QNA\MBSASetup-x86-EN[1].msi,

Error - 13/12/2013 00:57:42 | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Internet Explorer

Error - 13/12/2013 00:58:54 | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Internet Explorer

Error - 13/12/2013 01:00:35 | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Internet Explorer

Error - 13/12/2013 01:00:44 | Computer Name = FRONTROOM | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Internet Explorer

Error - 20/12/2013 05:06:06 | Computer Name = FRONTROOM | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Error - 11/01/2014 17:18:04 | Computer Name = FRONTROOM | Source = Application Hang | ID = 1002
Description = Hanging application shotcut-win32-140110.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 09/01/2014 13:02:08 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 13:02:08 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 13:02:09 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 13:02:09 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 13:02:09 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 13:02:09 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 13:02:09 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 09/01/2014 17:14:52 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error - 09/01/2014 17:14:52 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053

Error - 11/01/2014 22:15:17 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

< End of report >
Starbuck Posted January 12, 2014

Hi pitfall

"But until I ran Malwarebytes, Avira didn't show yesterday's baddies?"

These baddies are not exactly installed on the system. Seems they had already been removed, but had been backed up in the restore points. So as long as you hadn't run a system restore.... they wouldn't have affected anything. MBAM just cleaned the restore points for you. Not all AV programs check the restore points..... they just remove the offending files etc.

I see you have run AdwCleaner this year.... that may have removed the adware. We'll double check that all traces have now been removed and will clean up a few orphan entries in your report.

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2

Note: If OTL freezes at all, you will need to uninstall MBAM and then run the OTL fix again. This is a known problem with some XP systems when MBAM is installed, so you may or may not be affected. MBAM can be reinstalled again after the fix has been run.

Double click on OTL to run it.
Copy the lines in the codebox below (make sure that :otl is on the first line and that you include all of the Commands section):

:otl
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found
DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found
DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found
DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found
DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...lscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
(screenshot: http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png)
Click the red Run Fix button.
(screenshot: http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png)
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

In your next reply, please submit:
JRT.txt
OTL fix report

Thanks.

Member of: UNITE
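Added example, not part of this thread and not code from OTL, JRT or UNITE: the fix above is built by copying three kinds of lines out of the OTL report back into the :otl section, namely SRV/DRV entries OTL marked "File not found", O16 download entries marked "Reg Error", and every MountPoints2 key of a volume that still carries an AutoRun command. The Python below does that selection mechanically over a constructed sample of lines copied from the report on this page. The regular expressions assume OTL's line layout exactly as it appears here (an assumption; the format is not documented on this page), and the function names are mine.

```python
import re

# Constructed sample: lines in the shape of the OTL report posted in this
# thread (names, paths and GUIDs copied from it), not a complete report.
SAMPLE_OTL = r"""
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
DRV - (WDICA) -- File not found
DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
"""

# Line shapes as seen in the report above (assumed, not an official grammar).
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<rest>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<note>.*)\)$")
MP_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\(?P<sub>.+?) - "" = (?P<val>.*)$')

MISSING = "File not found"


def orphaned_entries(report):
    """(kind, name, path) for every service/driver OTL reports as missing on disk."""
    found = []
    for line in report.splitlines():
        m = SVC_RE.match(line)
        if m and m.group("rest").endswith(MISSING):
            path = m.group("rest")[: -len(MISSING)].strip()  # "" when OTL printed no path
            found.append((m.group("kind"), m.group("name"), path))
    return found


def autorun_commands(report):
    """volume key -> command line that MountPoints2 would run on AutoRun."""
    cmds = {}
    for line in report.splitlines():
        m = MP_RE.match(line)
        if m and m.group("sub") == r"Shell\AutoRun\command":
            cmds[m.group("vol")] = m.group("val")
    return cmds


def broken_dpf(report):
    """CLSIDs of O16 download entries whose registry key no longer resolves."""
    return [m.group("clsid") for m in map(DPF_RE.match, report.splitlines())
            if m and m.group("note").startswith("Reg Error")]


def build_otl_fix(report):
    """Assemble an :otl section the way the helper did above: the report's own
    lines, copied verbatim, for orphaned SRV/DRV entries, dead O16 entries and
    all MountPoints2 keys of any volume that carries an AutoRun command."""
    vols = set(autorun_commands(report))
    keep = []
    for line in report.splitlines():
        svc, dpf, mp = SVC_RE.match(line), DPF_RE.match(line), MP_RE.match(line)
        if svc and svc.group("rest").endswith(MISSING):
            keep.append(line)
        elif dpf and dpf.group("note").startswith("Reg Error"):
            keep.append(line)
        elif mp and mp.group("vol") in vols:
            keep.append(line)
    return [":otl", *keep, ":commands", "[emptytemp]"]


if __name__ == "__main__":
    print("\n".join(build_otl_fix(SAMPLE_OTL)))
```

The "File not found" verdict is OTL's, not the parser's, so the generated section should still be read line by line before it is pasted into OTL: the fix deletes whatever keys it is given, and a live service whose binary path merely failed to expand would be removed just like a genuine leftover.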
pitfall (Author) Posted January 12, 2014

Hello Starbuck, I'm afraid I made a mess of your instructions. My blood sugars went very low before I was aware of it. Anyway, I had a 3-in-1 coffee and a bit of chocolate once I was feeling a bit better. (I don't think that helped very much?) The first time I ran JRT, I didn't turn off my anti-virus, and with OTL I did a scan and not a fix. I redid them, but that has lost the first restart point and the original logs from JRT and OTL. This is what is showing now. I could roll back to the 9th and start again if you wish? Here are the logs I have at the moment :(

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by the boss on 12/01/2014 at 13:21:23.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2014 at 13:26:45.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll grab an OTL one now.
pitfall (Author) Posted January 12, 2014

Now I think this is the log from OTL that I ran as a scan and NOT as a FIX.

OTL logfile created on: 12/01/2014 11:49:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\the boss\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

989.48 Mb Total Physical Memory | 642.39 Mb Available Physical Memory | 64.92% Memory free
1.21 Gb Paging File | 0.75 Gb Available in Paging File | 62.24% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.11 Gb Total Space | 15.09 Gb Free Space | 45.58% Space Free | Partition Type: NTFS

Computer Name: FRONTROOM | User Name: the boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\the boss\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
PRC - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
PRC - C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
MOD - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
MOD - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
MOD - C:\Program Files\BroadJump\Client Foundation\TimerManager.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\AppProperties.DLL ()
MOD - C:\Program Files\BroadJump\Client Foundation\Marshaller.dll ()
MOD - C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll ()
MOD - C:\Program Files\BroadJump\Client Foundation\BJComRT.dll ()
MOD - C:\WINDOWS\system32\stlport_4_0_0_DDR.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (FspadSvc) -- C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe ()
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found
DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found
DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found
DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found
DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (fspad) -- C:\WINDOWS\system32\drivers\fspad.sys (Asia Vital Components Co.,Ltd.)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\incdrec.sys (Ahead Software AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\incdpass.sys (Ahead Software)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\incdfs.sys ()
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys (Logitech Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1AB9E258-1622-499D-9B70-E06C8CCB79C6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{6638B77B-D0DF-461F-9133-220D6020A463}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9D9EFC7F-8E7D-4CF9-80C4-ECEB6B6FD37F}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{BF1521BC-70FF-4303-9EC1-21ACA993D9BD}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{C60EBE12-0A1D-4B8B-82D6-5CFD294BE6C7}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{DBF4149D-43D5-4B05-A96F-6B51870D738F}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{25E0768B-6F96-40D2-9DA9-79C70260C4B8}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{5F73C9FE-755D-49CD-8C8B-034C82732AB3}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{A4002216-F71B-4F3E-854B-03A3FA149AB0}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{B909E871-1F49-4D21-AEB2-98823825B616}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C02A4BE6-7476-4A95-B030-419A9F09FBEB}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{ED5D69C1-8340-438F-A1BD-75E72A38D2B0}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

[2013/12/10 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtD0CtDzy0F0EtAyB0FtDtAtC0F0ByEtN0D0Tzu0SyByEtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1916909073&ir=
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0\
CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/04 01:30:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe ()
O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342012978515 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543330AD-2D59-4599-BF95-E62FDE47BA3E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/09 17:51:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 11:31:19 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\the boss\Desktop\JRT.exe
[2014/01/11 23:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2014/01/11 23:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/11 21:32:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\the boss\Recent
[2014/01/11 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Local Settings\Application Data\Meltytech
[2014/01/11 20:39:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\picvids
[2014/01/11 20:33:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\wayne music
[2014/01/11 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\to adust window up-dater (bits)
[2014/01/11 19:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\MOGS
[2014/01/11 19:14:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\my pictures 1
[2014/01/11 19:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\My Playlists
[2014/01/11 15:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2013-10-18, Grace
[2014/01/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2010 me
[2014/01/11 15:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\History
[2014/01/11 13:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\waynemorris112183024717
[2014/01/11 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\dogs2
[2014/01/11 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\pdf files
[2014/01/11 12:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr
[2014/01/10 00:16:18 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/01/09 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\DigitalSites
[2014/01/05 12:24:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/04 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/04 01:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/04 01:13:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/04 01:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/02 13:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/02 11:05:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/02 00:05:51 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/17 16:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com
[2013/12/15 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\Avira
[2013/12/14 23:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2014/01/12 11:31:22 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\the boss\Desktop\JRT.exe
[2014/01/12 11:18:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/12 10:54:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/11 20:17:08 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf
[2014/01/11 20:15:32 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/11 13:54:50 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/11 12:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr
[2014/01/09 21:01:12 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT
[2014/01/09 21:01:11 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG
[2014/01/09 12:24:22 | 000,002,199 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf
[2014/01/04 01:30:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/26 20:29:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/12/22 12:46:18 | 001,028,034 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html
[2013/12/21 16:49:56 | 000,093,316 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf
[2013/12/18 02:19:12 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf
[2013/12/18 02:13:10 | 000,133,878 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf
[2013/12/16 12:22:16 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf
[2013/12/14 23:32:57 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2014/01/11 20:40:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\262.rtf
[2014/01/11 14:40:05 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf
[2014/01/11 14:39:47 | 005,742,396 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Macy Gray I Try.wma
[2014/01/11 14:39:28 | 003,174,852 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Hu_s_on_First.wmv
[2014/01/11 14:38:54 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\home swappers emails.rtf
[2014/01/11 14:38:20 | 000,007,117 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\how could you.rtf
[2014/01/11 14:37:06 | 001,028,034 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html
[2014/01/11 14:34:09 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\marxbrosvid.rtf
[2014/01/11 14:27:43 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.rtf
[2014/01/11 14:27:18 | 000,006,373 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\cameron.rtf
[2014/01/11 14:27:18 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\CARE HOME PETITION.rtf
[2014/01/11 14:27:14 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads obituary.rtf
[2014/01/11 14:27:14 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\appeal video.rtf
[2014/01/11 14:25:24 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Kasperksky.rtf
[2014/01/11 14:21:17 | 000,011,709 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\IDS at autswitch.rtf
[2014/01/11 14:18:57 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Mcv.rtf
[2014/01/11 14:14:14 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\council tax.rtf
[2014/01/11 14:13:46 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads family.rtf
[2014/01/11 14:13:09 | 000,010,783 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list1.rtf
[2014/01/11 14:13:09 | 000,006,067 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list.rtf
[2014/01/11 14:13:09 | 000,004,680 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list2.rtf
[2014/01/11 14:12:43 | 000,011,782 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Calum and peters list.rtf
[2014/01/11 14:12:03 | 000,011,867 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\blair.rtf
[2014/01/11 14:11:18 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf
[2014/01/11 14:10:40 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\100 tory **** ups.rtf
[2014/01/11 14:08:59 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mirosoft update fixer.rtf
[2014/01/11 14:07:06 | 000,093,316 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf
[2014/01/11 14:04:22 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mums obituary.rtf
[2014/01/11 14:04:22 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Nelson passed away.rtf
[2014/01/11 14:03:54 | 000,071,914 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\parliament.rtf
[2014/01/11 14:03:54 | 000,037,033 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\paedos.rtf
[2014/01/11 14:03:01 | 000,031,278 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\petes list.rtf
[2014/01/11 13:54:50 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/11 13:31:15 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\New Playlist.wpl
[2014/01/11 13:30:07 | 000,005,159 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Now Playing.wpl
[2014/01/11 13:30:07 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\HIS.wpl [2014/01/11 13:30:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.wpl [2014/01/11 13:30:07 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Untitled Playlist.wpl [2014/01/11 13:14:37 | 000,069,897 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\0539c9a8-ed62-4af3-b0ff-f9b107d151cc_zpsec3eaa2f.jpg [2014/01/09 21:01:12 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT [2014/01/09 21:01:07 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG [2014/01/09 13:31:27 | 000,006,008 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\the Mccann case.rtf [2014/01/09 12:24:22 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf [2014/01/04 01:13:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2014/01/04 01:13:28 | 000,260,272 | RHS- | C] () -- C:\cmldr [2013/12/26 20:29:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2013/12/18 02:19:12 | 000,001,313 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf [2013/12/18 02:13:10 | 000,133,878 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf [2013/12/14 23:32:57 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/09/27 10:01:09 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/15 10:51:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/12/23 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\wklnhst.dat [2006/12/14 08:05:35 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All 
Users\Application Data\addr_file.html ========== ZeroAccess Check ========== [2005/09/09 17:56:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2007/07/11 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2007/07/12 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2013/03/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses [2006/04/08 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\******* [2008/10/30 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2014/01/12 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/01/09 21:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application 
Data\DigitalSites [2012/05/24 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\ElevatedDiagnostics [2010/12/12 00:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Opera [2012/05/02 20:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Oracle [2005/09/09 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SampleView [2014/01/09 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SumatraPDF [2012/09/11 09:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Template [2009/12/29 05:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < :otl > [2005/09/09 17:38:39 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2005/09/09 17:54:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT < SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found > < SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found > < DRV - (WDICA) -- File not found > < DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found > < DRV - (PDRFRAME) -- File not found > < DRV - (PDRELI) -- File not found > < DRV - (PDFRAME) -- File not found > < DRV - (PDCOMP) -- File not found > < DRV - (PCIDump) -- File not found > < DRV - (lbrtfdc) -- File not found > < DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found > < DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found > < DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found > < DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found > < DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found > < DRV - (Changer) -- File not found > < DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found > < O6 - 
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present > < O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present > < O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab (Reg Error: Key error.) > Invalid Switch: qtplugin.cab (Reg Error: Key error.) < O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.) > Invalid Switch: sw.cab (Reg Error: Key error.) < O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...lscbase370.cab (Windows Live Safety Center Base Module) > Invalid Switch: res...lscbase370.cab (Windows Live Safety Center Base Module) < O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) > Invalid Switch: OnlineScanner.cab (Reg Error: Key error.) < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) > Invalid Switch: gp.cab (Reg Error: Key error.) 
< O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun > < O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a > < O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun > < O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe > < O33 - MountPoints2\Z\Shell - "" = AutoRun > < O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 > < [2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software > Invalid Switch: 27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software < @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 > < > < :Files > < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. < > < :commands > < [emptytemp] > < [purity] > < [RESETHOSTS] > ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >

I have had a go at re-running the fix ( but I'm not sure it is working ). I deleted Malwarebytes, but I think it still froze up :confused: I'll try one more time to run the fix with OTL and get back to You. Cheers.
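A small triage script for OTL log lines of the kinds pasted above (file entries, O33 MountPoints2 AutoRun commands and alternate data streams), added here as an example; it is not OTL's code and not anyone in the thread's. The line formats are taken from the log itself; which entries to flag (remembered AutoRun commands, ADS, a modified hosts file, recently created executables with no company name) is this example's own assumption, and the last sample line is constructed.

```python
"""Triage helper for OTL log lines like those pasted above. Added example for
this thread, not OldTimer's code; the line formats come from the log above,
the flagging rules are this example's own assumptions."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# File/folder entry: [date time | size | attrs | M or C] (company) -- path
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
# O33 entry: AutoRun command Explorer remembered for a mounted volume
MOUNT_RE = re.compile(
    r'O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# Alternate data stream entry
ADS_RE = re.compile(r"@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

@dataclass
class OtlEntry:
    kind: str                       # "file", "autorun" or "ads"
    path: str
    timestamp: Optional[datetime] = None
    size: int = 0
    attrs: str = ""
    company: str = ""
    volume: str = ""
    command: str = ""
    ads_bytes: int = 0

@dataclass
class Finding:
    category: str                   # "autorun", "ads", "hosts" or "unsigned-recent"
    path: str
    reason: str

def parse_line(raw: str) -> Optional[OtlEntry]:
    """Return a structured entry, or None for line types this parser does not handle."""
    line = raw.strip().strip("<>").strip()      # custom-scan lines are wrapped in < ... >
    m = FILE_RE.match(line)
    if m:
        return OtlEntry("file", m["path"], datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                        int(m["size"].replace(",", "")), m["attrs"], m["company"] or "")
    m = MOUNT_RE.match(line)
    if m:
        return OtlEntry("autorun", m["cmd"], volume=m["vol"], command=m["cmd"])
    m = ADS_RE.match(line)
    if m:
        return OtlEntry("ads", m["path"], ads_bytes=int(m["bytes"]))
    return None

def parse_log(lines: List[str]) -> List[OtlEntry]:
    return [e for e in map(parse_line, lines) if e is not None]

def triage(entries: List[OtlEntry], scan_time: datetime, recent_days: int = 30) -> List[Finding]:
    """Flag what a helper reads first: remembered AutoRun commands, ADS, a touched hosts
    file, and recent executables with no company name (assumed rules, not OTL's)."""
    out: List[Finding] = []
    for e in entries:
        if e.kind == "autorun":
            out.append(Finding("autorun", e.path, f"AutoRun command remembered for volume {e.volume}"))
        elif e.kind == "ads":
            out.append(Finding("ads", e.path, f"alternate data stream of {e.ads_bytes} bytes"))
        elif e.kind == "file" and "D" not in e.attrs:        # folders carry no company name
            low = e.path.lower()
            if low.endswith(r"\drivers\etc\hosts"):
                out.append(Finding("hosts", e.path, f"hosts file modified {e.timestamp:%Y-%m-%d}"))
            age = (scan_time - e.timestamp).days
            if low.endswith((".exe", ".dll", ".sys", ".scr")) and not e.company and age <= recent_days:
                out.append(Finding("unsigned-recent", e.path, f"no company name, {age} days old"))
    return out

SCAN_TIME = datetime(2014, 1, 12, 2, 44, 32)    # OTL log creation time from the thread
SAMPLE_LINES = [                                # first nine lines copied from the log above
    r"[2014/01/11 12:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr",
    r"[2014/01/04 01:30:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts",
    r"[2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini",
    r"[2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software",
    r'< O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a >',
    r'< O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 >',
    r'< O33 - MountPoints2\Z\Shell - "" = AutoRun >',
    r"< @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 >",
    r"[2012/02/15 10:51:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll",
    # constructed line (not from the thread) to exercise the unsigned-recent rule
    r"[2014/01/09 21:01:12 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\example-unsigned.exe",
]

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LINES), SCAN_TIME):
        print(f"{f.category:16} {f.reason}: {f.path}")
```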
Starbuck Posted January 12, 2014

Hi pitfall

> This is what is showing now. I could roll back to the 9th and start again if You wish ?.

That is not necessary.

> I have had a go at re-running the fix ( but I'm not sure it is working )

I can see from the report what the problem is. After entering the fix into OTL..... you clicked the scan button instead of the Fix button. I wish I had £1 for every time that has happened. :)

Please try again and make sure that you click on the scan button.

Thanks
pitfall (Author) Posted January 13, 2014

Hi Starbuck, I did try and copy and paste Your fixit script, but something keeps going wrong. After I put Your script/code in and press fix (By the way, You said to scan it in Your last post ;) ) it runs for a bit and stops at something saying " possessing 033 " or something like that. I left it for a long time to make sure it had run properly, but Windows sent Me an error report to send. I had My anti virus off while I was doing the fix. I had to hard shut down, even task manager wouldn't close it. Could You tell Me if the fix runs fast or not? I'm a bit stuck at the moment :( Is it worth starting over from the beginning? Or some other idea. Thanks for the quick help so far.
Starbuck Posted January 13, 2014

No you don't need to start again. Now I know it's the o33 that is causing the problem I know the answer. Am at work at the moment so am replying from my phone. I will post an alternative fix when I get home. Thanks for letting me know.
Starbuck Posted January 13, 2014

Some of the fix before the 033 lines may have already been removed, but don't worry. If any of the lines have already been removed, the Otl fix will just pass over that point and show in the report that the file was missing.

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section )

:otl
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found
DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found
DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found
DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found
DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...lscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

In your next reply, please submit:
OTL fix report

Thanks.
pitfall (Author) Posted January 14, 2014

Good Morning Starbuck. A new approach today: I didn't turn My anti virus off this time ? I run Your codes, and We got as far as the " re-start computer ", so I clicked on it, and a notice from micro popped up saying something about having to send an error report in and avira needs to shut down the comp. But I didn't send in the report. I said no, and clicked re-start. I then said " Windows was shutting down ". But it just froze again, and I had to hard close once more. But on re-boot, We got a log this time, where it hasn't produced one ( apart from when I pressed scan and not fix lol ). So I hope it is of some use to You. Good luck Mate, thanks again.

....................

All processes killed ========== OTL ========== Error: No service named HidServ was found to stop! Service\Driver key HidServ not found. File %SystemRoot%\System32\hidserv.dll File not found not found. Error: No service named AppMgmt was found to stop! Service\Driver key AppMgmt not found. File %SystemRoot%\System32\appmgmts.dll File not found not found. Error: No service named WDICA was found to stop! Service\Driver key WDICA not found. File File not found not found. Error: No service named wanatw was found to stop! Service\Driver key wanatw not found. File system32\DRIVERS\wanatw4.sys File not found not found. Error: No service named PDRFRAME was found to stop! Service\Driver key PDRFRAME not found. File File not found not found. Error: No service named PDRELI was found to stop! Service\Driver key PDRELI not found. File File not found not found. Error: No service named PDFRAME was found to stop! Service\Driver key PDFRAME not found. File File not found not found. Error: No service named PDCOMP was found to stop! Service\Driver key PDCOMP not found. File File not found not found. Error: No service named PCIDump was found to stop! Service\Driver key PCIDump not found. File File not found not found.
Error: No service named lbrtfdc was found to stop! Service\Driver key lbrtfdc not found. File File not found not found. Error: No service named k750obex was found to stop! Service\Driver key k750obex not found. File system32\DRIVERS\k750obex.sys File not found not found. Error: No service named k750mgmt was found to stop! Service\Driver key k750mgmt not found. File system32\DRIVERS\k750mgmt.sys File not found not found. Error: No service named k750mdm was found to stop! Service\Driver key k750mdm not found. File system32\DRIVERS\k750mdm.sys File not found not found. Error: No service named k750mdfl was found to stop! Service\Driver key k750mdfl not found. File system32\DRIVERS\k750mdfl.sys File not found not found. Error: No service named k750bus was found to stop! Service\Driver key k750bus not found. File system32\DRIVERS\k750bus.sys File not found not found. Error: No service named Changer was found to stop! Service\Driver key Changer not found. File File not found not found. Error: No service named catchme was found to stop! Service\Driver key catchme not found. File C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. 
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Starting removal of ActiveX control {5ED80217-570B-4DA9-BF44-BE107C0EC166} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\ not found. Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data\Avast\Logs folder moved successfully. C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data\Avast folder moved successfully. C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data folder moved successfully. C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\the boss\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\the boss\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.FRONTROOM ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes ->Flash cache emptied: 506 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: the boss ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 458819 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 998 bytes User: wayne ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 103073 bytes ->FireFox cache emptied: 64622278 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1887682 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 64.00 mb File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot. Error: Unble to create default HOSTS file! 
OTL by OldTimer - Version 3.2.69.0 log created on 01142014_020154 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
pitfall (Author) Posted January 14, 2014

Sorry about putting this here, but just to let You know. I keep My Patch Tuesday turned to manual. I checked them today and this was offered. I haven't updated them yet till You say I should ? http://support.microsoft.com/kb/2798897 Cheers :confused:
Starbuck Posted January 14, 2014

Hi Pitfall

Although there were earlier problems with the Otl fix, it seems from the report that most of the previous runs had actually removed some of the items.

> I didn't turn My anti virus off this time ? I run Your codes, and We got as far as the " re-start computer, so I clicked on it, and a notice from micro popped up saying something about having to send an error report in and avira needs to shut down the comp.

Seems that the fix didn't close all of Avira down (which it should have done) and Avira thought there was a problem.

> I keep My patch tuesday turned to manual. I check them today and this was offered.

Yes M$ have released a security patch today to fix an "important" vulnerability in XP. It's worth installing it.

Now the system has had time to settle down.... how is it running?
pitfall (Author) Posted January 14, 2014

Good Evening Starbuck. The old laptop runs pretty well, apart from always saying " virtual memory is low ", but that can be expected for its years and not enough ram. But its life will probably be over soon anyway come April. I did the MS updates, but it had changed from the one I posted here; there are two now. Do You think We need to do any more work before You lock up?

PS. I want to use Firefox again, but it was a bit buggy. They said they're not doing a new update this time around ? Google is too bloated for XP and I don't like using IE. Is it worth putting F/F back for now ? Thanks for all the help
KenB Posted January 15, 2014

Just poking my nose in here ..... :)

> always saying " virtual memory is low

This was posted earlier...

989.48 Mb Total Physical Memory | 642.39 Mb Available Physical Memory | 64.92% Memory free
1.21 Gb Paging File | 0.75 Gb Available in Paging File | 62.24% Paging File free

This doesn't look too bad at all. Do you know if the Virtual Memory is "System Managed"? The 1GB RAM that you have is ample for XP. Check that the V-M is system managed. [copied this - quicker than typing]

Control Panel > System > Advanced ..... click Settings in the "Performance" Section. On the Advanced page of the result, the current total physical size of all page files that may be in existence is shown. Click Change to make settings for the Virtual memory operation. Here you can select any drive partition and set either 'Custom', 'System Managed' or 'No page file'. Click on "Set".
pitfall (Author) Posted January 15, 2014 (edited)

Thanks Ken, I applied Your idea, and will let You know how it goes. I did try and turn it back, to make sure I could do it :rolleyes: But I would have to put a number in lol. If this doesn't fix it, You can find Me a number to put back in lol. Cheers ;)

PS. I went ahead and put Firefox in, it's much faster than IE, I just wish they would update it.

Edited January 15, 2014 by pitfall
Starbuck Posted January 15, 2014 (edited)

Thanks for adding that Ken. :)

> I went ahead and put Firefox in, it's much faster than IE, I just wish they would update it.

Not sure what you mean by ...'update it'.

If you mean Firefox, it is always being updated. Do you have the menu bar showing at the top? http://img.photobucket.com/albums/v708/starbuck50/ff_zps50dcc8d9.png If not, right click in a blank area of the browser header and select 'Menu Bar'. Now click on the Help tab >> About Firefox. Is it showing that the version installed is 26.0? If so, this is the latest version.

If you mean IE, I'm afraid you are stuck with IE8 as you are running XP. M$ don't support XP with any later versions.

Edited January 15, 2014 by Starbuck
pitfall (Author) Posted January 15, 2014

Sorry about that Starbuck, I didn't explain it very well did I :(. Before I deleted Firefox and slimmed things down while we fixed My lappy up, F/F was a bit buggy. I read somewhere that "Mozilla backpedals on Firefox release schedule, in favour of a holiday break" and I thought that was the cause of the bugginess. As IE was taking forever to load up or open a new page or tab, I went back to F/F and it's loading very fast now? Probably due to the work done on My lappy here. Can You tell Me if any of these progs are needed or not, or the settings changing. Thanks Peeps :)

http://i464.photobucket.com/albums/rr8/stevo__2009/Firefoxsettings_zps281e3725.jpg
http://i464.photobucket.com/albums/rr8/stevo__2009/firefoxsettings1_zps8e2e7129.jpg
Starbuck
Posted January 15, 2014

> can you tell me if any of these progs are needed or not, or the settings changing

You can leave them as they are.

> Windows Presentation Foundation - I got told to turn this off.

Yes, that's right. It was sneakily added during a Windows Update.... but actually caused a vulnerability within Firefox.

> Microsoft .NET Framework Assistant. Should I keep this disabled?

Yes, keep it disabled for the same reason as Windows Presentation Foundation.

As the system is running well now, we can finish off the cleaning process.

Step 1
Restart MBAM (if installed).
Click on the Quarantine tab:
http://img.photobucket.com/albums/v708/starbuck50/malwqua_zps3f437f52.png
If there are items in quarantine..... make sure everything is selected and then click Delete All.
Close MBAM.

Step 2
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked if you are sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.
JRT can now be removed also.

Step 3
Please double-click OTL to run it.
You should see a CleanUp! button; press that button:
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed if installed.

Step 4
Now you should set a new Restore Point to prevent possible reinfection from an old one.
Some of the malware picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools may not be able to access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next".
Give the Restore Point a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Select the drive for cleaning, then click OK (usually the 'C' drive).
Click the "More Options" tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected.... read this topic: How did I get infected?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software
Only install one AntiVirus program.
Update your AntiVirus Software regularly.

Use a Firewall
Only install one software Firewall.

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial. Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:
Firefox
For added security, add the NoScript extension to this browser: allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
Also consider adding:
WOT - Safe Browsing Tool
Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
Opera
They offer better security, more stability, and better speed.

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong. Use a program like:
Erunt
A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':
Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently
It is important that you visit Windows Update regularly. Alternatively, turn on Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs. Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly
Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Safe surfing.

Member of: UNITE
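For the restore-point part of Step 4 above, here is an added example (not Starbuck's instructions or any tool from the thread) that creates the new post-cleanup restore point and writes a log of every existing point with its sequence number and creation time, so the older points that may still hold quarantined files can be identified before Disk Cleanup removes them. It assumes Windows XP SP3 with PowerShell 2.0 installed and System Restore enabled on C:, and the description label is constructed.

```powershell
# Added example (not from the thread). Assumes Windows XP SP3 with PowerShell 2.0
# and System Restore enabled; uses the SystemRestore WMI class in root\default.
$ErrorActionPreference = "Stop"

function Get-RestorePoints {
    # Each point's SequenceNumber n is the RP<n> folder under System Volume Information\_restore{...}
    Get-WmiObject -Namespace "root\default" -Class SystemRestore | Sort-Object SequenceNumber
}

$before = @(Get-RestorePoints)

# Create the new point AFTER cleaning: 12 = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE
$label = "Clean baseline after malware removal"   # constructed description
$sr    = [wmiclass] "\\.\root\default:SystemRestore"
$rc    = $sr.CreateRestorePoint($label, 12, 100)
if ($rc.ReturnValue -ne 0) {
    throw "CreateRestorePoint failed, return code $($rc.ReturnValue)"
}

$after = @(Get-RestorePoints)
if ($after.Count -le $before.Count) {
    Write-Warning "No new restore point appeared; check that System Restore is turned on for C:"
}
$newest = $after[-1]

# Keep a log on the desktop so the clean point can be found later; every older point
# is marked for removal via Disk Cleanup > More Options, as described in Step 4.
$log   = Join-Path ([Environment]::GetFolderPath("Desktop")) "restore-points.txt"
$lines = foreach ($rp in $after) {
    $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($rp.CreationTime)
    if ($rp.SequenceNumber -eq $newest.SequenceNumber) { $tag = "KEEP (new clean point)" }
    else                                               { $tag = "old - remove with Disk Cleanup" }
    "RP{0,-4} {1:yyyy-MM-dd HH:mm:ss}  {2,-32} {3}" -f $rp.SequenceNumber, $when, $tag, $rp.Description
}
$lines | Out-File -FilePath $log -Encoding ASCII
Write-Host "Created RP$($newest.SequenceNumber) '$($newest.Description)'; list written to $log"
```

The script only creates and lists points; purging the old ones is still done through Disk Cleanup > More Options > System Restore, as the post describes.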
pitfall (thread author)
Posted January 15, 2014

Thanks for all the help and for giving your time, Starbuck. I'm just going to make a new start point now; I've done the rest.
.............
KenB, I haven't seen the warning pop up about virtual memory yet, so that looks good :)
KenB
Posted January 15, 2014

> I haven't seen the warning pop up about virtual memory yet, so that looks good

Here's hoping :)
Things are looking good - Starbuck's not bad, is he :) [ don't tell him I said that !! ]

There is an email going around offering processed pork - gelatin - and salt in a can ...... this is simply SPAM !!
pitfall (thread author)
Posted January 15, 2014

Yeah, job well done :) I'm not looking forward to April, when Micro pulls the plug on the old XP :rolleyes:
Starbuck
Posted January 16, 2014

> [ don't tell him I said that !! ]

I'm all ears.

> I'm not looking forward to April, when Micro pulls the plug on the old XP

Although M$ will stop all Windows updates for XP in April.... Avira will still provide support until April 2015. So you'll still get another 12 months out of Avira if you wish.
Avira - Support will end on April 8, 2015

Member of: UNITE