
Posted (edited)

@RandyL - good question. Once we got rid of the malware/adware, that's next on my list.

 

Hi odb- To attach a file, please click reply then Go Advanced underneath the reply window. In the window that pops up, in the bar, there is an icon of a paperclip and a paper in the first row of icons to the right of the Font option. Click that and an upload manager will open and you can attach the screenshot.

 

You can also temporarily stop the Norton Firewall. I'm not sure what version you have from the logs, but the instructions should be similar:

 

1. Open Norton Firewall

2. Click Status & Settings

3. Click Security

4. Click turn off

 

 

Then, try to load a Yahoo!. If that doesn't work, turn off the antivirus and try again. Regardless of how that turns out, immediately reenable your antivirus and let me know how it went.

Edited by etavares

Posted

Hi odb,

 

Thanks for the attachment. That's helpful. Are you using any type of Script blocker (Adblock, No Script, etc.)?

 

Please follow these Yahoo Mail troubleshooters one at a time in the order shown. Let me know if they help. If you do update the flash player, please reboot before trying Yahoo mail again.

Enable JavaScript

Clear your cache

Update flash player

 

Next, let's get one final virus check:

 

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

 

  4. Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  5. Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  11. Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  13. Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

Posted

thank you for your help on this etavares. will follow the instructions when i get home. i did try to download the scan but nothing was happening. maybe i will switch to IE to see if i can run the scan.

 

also i tried a system restore and it did not work either !

Posted

tried the troubleshooting steps but nothing happened. still the same. tried downloading the ESET scan but cannot download nothing happens. used IE, firefox and chrome

 

what is this ccpxysvc.exe? keeps using all the cpu memory

Posted
also i tried a system restore and it did not work either !

 

 

When did you try that and when did you roll back to? That likely undid some of our previous work as well and could have reset several entries. Please don't do anything unless instructed...we'll end up working against each other. If you have any ideas, please let's talk about them first. Can you please run an OTL quick scan and post the resulting log? Please make sure to select Use SafeList in the Extra Registry section before you push the Run Scan button. Please post both logs.

 

That file is related to Norton's firewall. I do think something is screwed up with it. Are you willing to change to a different security provider? I'd like to uninstall Norton (it's not as simple as an uninstall via Add/Remove Programs) and install a different free antivirus to start and enable the Windows Firewall to start. Norton may be the root cause here, or it could be a virus we haven't detected yet. We'll do the simple solution first if you're ok with it.

 

Here's the reference to that file:

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=ccpxysvc.exe

Posted
When did you try that and when did you roll back to? That likely undid some of our previous work as well and could have reset several entries. Please don't do anything unless instructed...we'll end up working against each other. If you have any ideas, please let's talk about them first. Can you please run an OTL quick scan and post the resulting log? Please make sure to select Use SafeList in the Extra Registry section before you push the Run Scan button. Please post both logs.

 

That file is related to Norton's firewall. I do think something is screwed up with it. Are you willing to change to a different security provider? I'd like to uninstall Norton (it's not as simple as an uninstall via Add/Remove Programs) and install a different free antivirus to start and enable the Windows Firewall to start. Norton may be the root cause here, or it could be a virus we haven't detected yet. We'll do the simple solution first if you're ok with it.

 

Here's the reference to that file:

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=ccpxysvc.exe

 

i tried to revert back to the 11 April.

 

i will run the scan again this evening when i get back home. i am willing to change to a different security provider with the windows firewall. can we use a free one?

Posted

1st log for the quick scan:

 

 

OTL logfile created on: 17/05/2011 20:52:38 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 245.00 Mb Available Physical Memory | 48.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.58 Gb Free Space | 48.29% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.17 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe

PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE

PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/16 22:07:29 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)

SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)

SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)

SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)

DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)

DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)

DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)

DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)

DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 20:48:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

 

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/17 20:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/17 20:49:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

File not found (No name found) --

[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/17 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/05/16 22:12:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/05/14 21:02:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/05/14 21:02:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/05/14 21:02:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/05/14 21:02:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/05/14 21:01:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware

[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/17 20:33:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/17 20:12:15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

[2011/05/17 19:49:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/17 19:28:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/17 19:28:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/17 19:28:40 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/16 00:12:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/16 00:11:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

[2011/05/15 13:25:46 | 004,348,448 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 20:12:53 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2011/05/14 20:12:53 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/14 18:08:57 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/14 15:46:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/05/14 21:02:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/05/14 21:02:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/05/14 21:02:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/05/14 21:02:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/05/14 21:02:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/05/14 20:58:17 | 004,348,448 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 15:46:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE

[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL

[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat

[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat

[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat

[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin

[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

 

========== LOP Check ==========

 

[2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++

[2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust

[2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia

[2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite

[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif

[2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2011/05/17 19:49:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation

 

< End of report >

Posted

2nd log extra registry:

 

OTL Extras logfile created on: 17/05/2011 21:19:28 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.60 Gb Free Space | 48.33% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.17 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1051:TCP" = 1051:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (http://www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (http://www.sopcast.com)

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()

"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01A2E33A-8ADA-42D1-9173-8F65149E952F}" = Microsoft Money

"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money System Pack

"{035A0014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard - WE 2003

"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform

"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update

"{15BFECE8-A100-4861-B92B-1EFF76683C23}" = Norton Personal Firewall

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 25

"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution

"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word

"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite

"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0

"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0765939-76F5-48D8-82B1-8D0BBFAD0702}" = Serif PhotoPlus Starter Edition

"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}" = Norton AntiVirus 2003

"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version

"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver

"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"ATI Display Driver" = ATI Display Driver

"CCleaner" = CCleaner

"DC++" = DC++ 0.770

"DivX Setup.divx.com" = DivX Setup

"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)

"ie8" = Windows Internet Explorer 8

"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705

"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"PokerStars" = PokerStars

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"S3Display" = S3Display

"S3Gamma2" = S3Gamma2

"S3Info2" = S3Info2

"S3Overlay" = S3Overlay

"Shockwave" = Shockwave

"ShowShifter" = ShowShifter

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"SopCast" = SopCast 3.2.9

"Veetle TV" = Veetle TV 0.9.18

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"Works2003Setup" = Microsoft Works 2003 Setup Launcher

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 14/05/2011 17:11:57 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 14/05/2011 17:11:57 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 585234

 

Error - 14/05/2011 17:11:57 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 585234

 

Error - 14/05/2011 17:15:20 | Computer Name = YOUR-Q7FWQX3NCP | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 14/05/2011 17:37:27 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 14/05/2011 17:37:27 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2062

 

Error - 14/05/2011 17:37:27 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2062

 

Error - 17/05/2011 16:16:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 17/05/2011 16:16:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2078

 

Error - 17/05/2011 16:16:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2078

 

[ System Events ]

Error - 08/05/2011 10:59:49 | Computer Name = YOUR-Q7FWQX3NCP | Source = Service Control Manager | ID = 7034

Description = The Symantec Proxy Service service terminated unexpectedly. It has

done this 1 time(s).

 

Error - 08/05/2011 11:07:48 | Computer Name = YOUR-Q7FWQX3NCP | Source = Service Control Manager | ID = 7034

Description = The Symantec Proxy Service service terminated unexpectedly. It has

done this 1 time(s).

 

Error - 11/05/2011 16:01:30 | Computer Name = YOUR-Q7FWQX3NCP | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800706be: Windows Malicious Software Removal Tool - May 2011 (KB890830).

 

Error - 11/05/2011 18:38:18 | Computer Name = YOUR-Q7FWQX3NCP | Source = Service Control Manager | ID = 7034

Description = The Symantec Proxy Service service terminated unexpectedly. It has

done this 1 time(s).

 

Error - 12/05/2011 18:50:06 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:09 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:09 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:14 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

 

< End of report >

OTL logfile created on: 17/05/2011 21:19:28 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.60 Gb Free Space | 48.33% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.17 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe

PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE

PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/16 22:07:29 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)

SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)

SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)

SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)

DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)

DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)

DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)

DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)

DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 20:48:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

 

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/17 20:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/17 20:49:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

File not found (No name found) --

[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/17 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/05/17 20:48:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/05/17 20:48:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/05/17 20:48:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/05/17 20:46:31 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\chromeinstall-6u25.exe

[2011/05/16 22:12:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/05/14 21:02:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/05/14 21:02:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/05/14 21:02:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/05/14 21:02:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/05/14 21:01:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware

[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/17 21:11:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

[2011/05/17 20:46:23 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\chromeinstall-6u25.exe

[2011/05/17 20:33:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/17 19:49:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/17 19:28:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/17 19:28:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/17 19:28:40 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/16 00:12:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/16 00:11:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

[2011/05/15 13:25:46 | 004,348,448 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 20:12:53 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2011/05/14 20:12:53 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/14 18:08:57 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/14 15:46:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/05/14 21:02:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/05/14 21:02:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/05/14 21:02:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/05/14 21:02:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/05/14 21:02:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/05/14 20:58:17 | 004,348,448 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 15:46:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE

[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL

[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat

[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat

[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat

[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin

[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

 

========== LOP Check ==========

 

[2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++

[2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust

[2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia

[2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite

[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif

[2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2011/05/17 19:49:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:SummaryInformation

 

< End of report >

Posted

2nd log extra registry:

 

OTL Extras logfile created on: 17/05/2011 21:19:28 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.60 Gb Free Space | 48.33% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.17 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1051:TCP" = 1051:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (http://www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (http://www.sopcast.com)

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()

"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01A2E33A-8ADA-42D1-9173-8F65149E952F}" = Microsoft Money

"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money System Pack

"{035A0014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard - WE 2003

"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform

"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update

"{15BFECE8-A100-4861-B92B-1EFF76683C23}" = Norton Personal Firewall

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 25

"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution

"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word

"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite

"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0

"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0765939-76F5-48D8-82B1-8D0BBFAD0702}" = Serif PhotoPlus Starter Edition

"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}" = Norton AntiVirus 2003

"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version

"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver

"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"ATI Display Driver" = ATI Display Driver

"CCleaner" = CCleaner

"DC++" = DC++ 0.770

"DivX Setup.divx.com" = DivX Setup

"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)

"ie8" = Windows Internet Explorer 8

"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705

"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"PokerStars" = PokerStars

"PS2" = PS2

"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions

"Python 2.2.1" = Python 2.2.1

"S3Display" = S3Display

"S3Gamma2" = S3Gamma2

"S3Info2" = S3Info2

"S3Overlay" = S3Overlay

"Shockwave" = Shockwave

"ShowShifter" = ShowShifter

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"SopCast" = SopCast 3.2.9

"Veetle TV" = Veetle TV 0.9.18

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"Works2003Setup" = Microsoft Works 2003 Setup Launcher

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 14/05/2011 17:11:57 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 14/05/2011 17:11:57 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 585234

 

Error - 14/05/2011 17:11:57 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 585234

 

Error - 14/05/2011 17:15:20 | Computer Name = YOUR-Q7FWQX3NCP | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 14/05/2011 17:37:27 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 14/05/2011 17:37:27 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2062

 

Error - 14/05/2011 17:37:27 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2062

 

Error - 17/05/2011 16:16:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 17/05/2011 16:16:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2078

 

Error - 17/05/2011 16:16:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2078

 

[ System Events ]

Error - 08/05/2011 10:59:49 | Computer Name = YOUR-Q7FWQX3NCP | Source = Service Control Manager | ID = 7034

Description = The Symantec Proxy Service service terminated unexpectedly. It has

done this 1 time(s).

 

Error - 08/05/2011 11:07:48 | Computer Name = YOUR-Q7FWQX3NCP | Source = Service Control Manager | ID = 7034

Description = The Symantec Proxy Service service terminated unexpectedly. It has

done this 1 time(s).

 

Error - 11/05/2011 16:01:30 | Computer Name = YOUR-Q7FWQX3NCP | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800706be: Windows Malicious Software Removal Tool - May 2011 (KB890830).

 

Error - 11/05/2011 18:38:18 | Computer Name = YOUR-Q7FWQX3NCP | Source = Service Control Manager | ID = 7034

Description = The Symantec Proxy Service service terminated unexpectedly. It has

done this 1 time(s).

 

Error - 12/05/2011 18:50:06 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:09 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:09 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:10 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

Error - 12/05/2011 18:50:14 | Computer Name = YOUR-Q7FWQX3NCP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.3

with the system having network hardware address 00:23:4D:E4:95:FA. Network operations

on this system may be disrupted as a result.

 

 

< End of report >

OTL logfile created on: 17/05/2011 21:19:28 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.60 Gb Free Space | 48.33% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.17 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe

PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE

PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/16 22:07:29 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)

SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)

SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)

SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)

DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)

DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)

DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)

DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)

DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 20:48:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

 

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/17 20:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/17 20:49:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

File not found (No name found) --

[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/17 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/05/17 20:48:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/05/17 20:48:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/05/17 20:48:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/05/17 20:46:31 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\chromeinstall-6u25.exe

[2011/05/16 22:12:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/05/14 21:02:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/05/14 21:02:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/05/14 21:02:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/05/14 21:02:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/05/14 21:01:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware

[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/17 21:11:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

[2011/05/17 20:46:23 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\chromeinstall-6u25.exe

[2011/05/17 20:33:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/17 19:49:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/17 19:28:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/17 19:28:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/17 19:28:40 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/16 00:12:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/16 00:11:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

[2011/05/15 13:25:46 | 004,348,448 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 20:12:53 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2011/05/14 20:12:53 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/14 18:08:57 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/14 15:46:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/05/14 21:02:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/05/14 21:02:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/05/14 21:02:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/05/14 21:02:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/05/14 21:02:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/05/14 20:58:17 | 004,348,448 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 15:46:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE

[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL

[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat

[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat

[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat

[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin

[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

 

========== LOP Check ==========

 

[2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++

[2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust

[2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia

[2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite

[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif

[2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2011/05/17 19:49:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation

 

< End of report >

Posted

Hello, odb.

 

OK, nothing too seriously different in the log, so that's good.

 

 

 

Step 1

 

We need to run an OTL script.

  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the Run Scan button.
  11. A report will open, copy and paste it in a reply here.

 

 

 

 

Step 2

 

 

Please download Avast or Antivir for free antivirus.

Avast

Avira

 

Don't install it yet, just save the installer to your desktop for now.

 

 

 

Step 3

 

 

Follow these instructions to remove Norton 2003 ANTIVIRUS. Disconnect from the internet by removing the internet cable or signing off wireless when you get to the final step. Once you reboot, then uninstall Norton Personal FIREWALL from Add/Remove programs and then reboot again. You need to make sure both are removed....both the Antivirus and the Firewall.

 

Install the antivirus via the installer you saved earlier. Once it's installed, plug back into the internet and immediately update the definitions.

 

Now, we need to enable Windows firewall as a base firewall.

 

 

  1. Click Start, click Run, type Firewall.cpl, and then click OK.
  2. On the General tab, click On (recommended).
  3. Click OK.

 

Let me know how it's running at that point.

 

etavares

Posted

run fix log:

 

 

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.

File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.

Starting removal of ActiveX control DirectAnimation Java Classes

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.

File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

 

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_234450
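
An added example, not part of the original posts and not OTL's own code: a small Python parser that sorts run-fix log lines like the ones above into deleted, not found, and error, so the entries that still need a look stand out. The message patterns are taken from the log in this thread; the sample log uses constructed placeholder keys, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line shapes seen in the run-fix log in this thread. Other OTL messages
# may exist; anything that does not match is reported as "unrecognized".
RESULT_RE = re.compile(r"^(Registry key|File) (.+?) (deleted successfully|not found)\.$")
ERROR_RE = re.compile(r"^Registry error reading value (.+?)\s*\.$")
REMOVAL_RE = re.compile(r"^Starting removal of ActiveX control (.+)$")
SKIP_RE = re.compile(r"^(=+ .* =+|OTL by OldTimer .*)$")  # section header / trailer

# Constructed sample in the same shape as the log above (placeholder names).
SAMPLE_FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Example\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
File C:\Example\missing.cab not found.
Starting removal of ActiveX control Example Control
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Example\Distribution Units\Example Control\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Example\Distribution Units\Example Control\ deleted successfully.
Some line this parser does not know
OTL by OldTimer - Version 0.0.0.0 log created on 01012000_000000
"""


def parse_fix_log(text):
    """Return one dict per meaningful log line: kind, target, outcome."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SKIP_RE.match(line):
            continue
        m = RESULT_RE.match(line)
        if m:
            outcome = "deleted" if m.group(3) == "deleted successfully" else "not_found"
            entries.append({"kind": m.group(1), "target": m.group(2), "outcome": outcome})
            continue
        m = ERROR_RE.match(line)
        if m:
            entries.append({"kind": "Registry value", "target": m.group(1), "outcome": "error"})
            continue
        m = REMOVAL_RE.match(line)
        if m:
            entries.append({"kind": "ActiveX control", "target": m.group(1), "outcome": "info"})
            continue
        entries.append({"kind": "unknown", "target": line, "outcome": "unrecognized"})
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(e["outcome"] for e in entries)


def needs_review(entries):
    """Entries a helper should read by hand: read errors and unknown lines."""
    return [e for e in entries if e["outcome"] in ("error", "unrecognized")]


def is_gone(entries, needle):
    """True if some line naming `needle` ended as deleted or already absent.

    "not found" counts as gone: the item was not there to delete.
    """
    needle = needle.lower()
    return any(
        needle in e["target"].lower() and e["outcome"] in ("deleted", "not_found")
        for e in entries
    )


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_FIX_LOG)
    print(dict(summarize(parsed)))
    for entry in needs_review(parsed):
        print("REVIEW:", entry["outcome"], "-", entry["target"])
```
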

Posted

2nd OTL log:

 

 

OTL logfile created on: 17/05/2011 23:51:34 - Run 4

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 19.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.58 Gb Free Space | 48.29% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.17 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2011/05/07 12:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe

PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE

PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/16 22:07:29 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)

SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)

SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)

SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)

DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)

DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)

DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)

DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)

DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 20:48:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

 

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/17 20:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/17 20:49:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

File not found (No name found) --

[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/17 23:44:50 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/05/17 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/05/17 20:48:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/05/17 20:48:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/05/17 20:48:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/05/17 20:46:31 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\chromeinstall-6u25.exe

[2011/05/16 22:12:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/05/14 21:02:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/05/14 21:02:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/05/14 21:02:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/05/14 21:02:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/05/14 21:01:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/14 21:00:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware

[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/17 23:56:15 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe

[2011/05/17 23:51:47 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/17 23:48:32 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/17 23:48:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/17 23:48:23 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/17 22:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/17 22:11:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

[2011/05/17 20:46:23 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\chromeinstall-6u25.exe

[2011/05/16 00:12:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/16 00:11:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

[2011/05/15 13:25:46 | 004,348,448 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 20:12:53 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2011/05/14 20:12:53 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/14 18:08:57 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/14 15:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/05/17 23:54:58 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe

[2011/05/14 21:02:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/05/14 21:02:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/05/14 21:02:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/05/14 21:02:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/05/14 21:02:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/05/14 20:58:17 | 004,348,448 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe

[2011/05/14 15:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE

[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL

[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat

[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat

[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat

[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin

[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation

 

< End of report >

 

trying to remove norton but i do not have the cd as it came built in. the instructions say i need to upgrade my norton. what should i do?

Posted
should i just download the norton removal tool and take it from there or do i need a CD ?
Posted

right we are getting there man thankssssssssssss

i removed norton in one go as the firewall was also removed. installed avira and turned on win firewall.

yahoo seems to be working as normal again and browsing feels faster and better so thank you very much for your help.

 

this bloody youtube is still laying up. i can't search, can't use search options, does not auto fill/suggest and etc

Posted

Sorry for the fewer replies the last few days...day job gets in the way during the week. :)

 

Great re: Norton and Windows! Now...the Windows XP firewall is one directional. That means it blocks external computers attempting to create unwanted connections with you. Critical for anything plugged into the net. Norton firewall is a bi-directional firewall. That means you have to approve programs on your computer calling out. This blocks some things from leaving your computer. If you blindly click "allow" when the firewall asks if a program should use the internet, the one-direction firewall is good enough as the two direction firewall will just be annoying and not add any protection. If you want to research it, I can recommend a third-party firewall that may work better than Norton and provide the additional protection. Let me know.

 

In regards to YouTube...is this at their website, or in a search toolbar or something like that? What happens when you attempt to search? Is it that YouTube search button isn't working? Or you can't type in the box? Or you get errors when you try to play a video after searching?

 

Once I understand the issue, we'll attack that next.

 

Thanks!

Posted

thanks for the help so far. you have been great

the issues with YouTube are:

 

on the search box when you type something it should give suggestions/option for your subject. this does not happen

when i search the search comes back but the search options does not work ( where it gives you )

some of the videos do not even load

 

hard to explain but they are minor things but still annoying that i can’t have the normal use of youtube.

Posted
also wuacult.exe is still using a lot of memory when i turn on my pc. anyway we can get rid of this?
Posted

Hello, odb.

 

Something still is not right. First, wuacult.exe is a legitimate process....usually. It's the Windows Update process. Getting rid of it is a bad idea. Let's understand if 1) this is a legitimate process or a fraud and 2) if you've been getting updates.

 

Next, do you have the same issue with a Google search with autocomplete not working? Or is it specific to YouTube?

 

 

 

Step 1

 

 

Launch Task Manager.

Right-click on wuacult.exe and select Open File Location (note, let me know if you don't have that option...I do with Windows 7)

 

Please reply with what location opened (e.g. C:\Windows\System32\)

 

Next, please upload that file to Jotti:

 

 

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

 

How to see hidden files in Windows

 

Please click this link-->Jotti

 

When the jotti page has finished loading, click the Browse button and navigate to the wuacult.exe in the folder you saw before and click Submit.

 

 

 

Please post back the results of the scan in your next post.

 

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

 

 

 

Step 2

 

We Need to Diagnose a Possible Problem with WGA

 

 

  1. Please download MGADiag and save it to your desktop.
  2. Double click the http://www.bleepstatic.com/fhost/uploads/0/mgadiag.png icon on your desktop.
  3. Click Continue
  4. Click Copy
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.

 

 

 

 

Step 3

 

 

Go to Start --> Windows Update

 

Select View Update History

 

What's the date of the most recent update it lists?

 

Do they say 'successful' or 'failed'?

 

etavares

Posted

wuacult.exe or Wuauclt.exe?

 

I think Wuauclt.exe is the updater file. Is this a typo?


Posted
Hello, odb.

 

Something still is not right. First, wuacult.exe is a legitimate process....usually. It's the Windows Update process. Getting rid of it is a bad idea. Let's understand if 1) this is a legitimate process or a fraud and 2) if you've been getting updates.

 

Next, do you have the same issue with a Google search with autocomplete not working? Or is it specific to YouTube?

 

etavares

 

it's with youtube. very strange. i will try a different browser. maybe it's chrome.

Posted
wuacult.exe or Wuauclt.exe?

 

I think Wuauclt.exe is the updater file. Is this a typo?

 

it is wuauclt.exe which is the updater. but does this process run all the time? or every time you turn pc on? it takes up a lot of memory and slows the pc down.

Posted

Please go ahead and confirm. Some malware uses that file name. Please confirm the location it's running from via the Task Manager and scan it with Jotti via the instructions above.

 

We can also temporarily disable the automatic updates. If the scan and file comes back clean, we'll do that, check manually and ensure it updates, then reenable. Sometimes that does the trick.

Posted

sorry for the delay in response.

 

Right-click on wuacult.exe and select Open File Location (note, let me know if you don't have that option...I do with Windows 7)

i don't have this option but it seems to be ok now :) even youtube is working fine again. have not been on my pc this weekend but i don't think wuacult comes on every time i switch on now.

i will check again when i go home tonight.

 

Etavares thank you very much for your help your time and efforts. let me know if i can buy you a drink :))))))

Posted

Hello, odb.

 

Great! There is still one more thing I would like to do before we call this clean...get a second opinion. Then we can clean up.

 

Step 1

 

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

 

Please download TFC by OldTimer and save it to your desktop.

alternate download link

 

 

 

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

 

 

 

 

Step 2

 

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

 

  4. Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  5. Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  11. Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  13. Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

 

 

etavares
