
Unwanted pop-ups


  • This topic is locked

#1
bluetown

Member, 80 posts
Hello Geekstogo,

I originally posted here http://www.geekstogo...295401-pop-ups/

As you can see I am getting a lot of pop-up windows even with my pop-up blocker on.

I also ran Belarc Advisor and got this message:

"These required security hotfixes (using the 01/11/2011 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed."

There was a list of 20 hotfixes that are either critical or important.

When I click "Click here to see all available Microsoft security hotfixes for this computer."
I am taken to http://www.microsoft...rvicepackid=570

When I click "want less technical detail" it takes me here
http://windows.micro.../windows-update but when I click the check your settings button the page won't load, I have tried over and over.

When I click Start, All Programs, Windows Update, the page won't load; Internet Explorer cannot display the website. All other websites open.

This webpage will not open for me http://update.micros...icrosoftupdate/

In control panel automatic updates are set to "on".
Control panel, Security, firewall, automatic updates and virus protection are all set to "on".

Apart from that I am not getting any error messages or infection names.

I downloaded and ran OTL. I did not see how I was to fix the problem, so I will post the OTL.Txt and Extras.Txt below.

OTL logfile created on: 10/02/2011 14:58:24 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\onlyone\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,007.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 137.84 Gb Free Space | 92.48% Space Free | Partition Type: NTFS

Computer Name: WINDOWS | User Name: onlyone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2011/02/10 14:58:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\onlyone\Desktop\OTL.exe
PRC - [2010/11/25 09:45:45 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/25 09:42:46 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/05 14:40:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 08:00:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 07:59:59 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 07:59:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2003/09/11 03:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE
PRC - [2002/10/18 19:40:44 | 000,020,480 | ---- | M] (松下電器産業株式会社) -- C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
PRC - [2001/08/07 13:27:44 | 000,049,152 | ---- | M] ( Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\sdpasvc.exe
PRC - [1997/04/09 21:04:50 | 000,050,176 | ---- | M] () -- C:\WINDOWS\system32\CRYPSERV.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/10 14:58:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\onlyone\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/07/17 07:59:59 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2002/10/18 19:40:44 | 000,020,480 | ---- | M] (松下電器産業株式会社) [Auto | Running] -- C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe -- (SDJB Manager)
SRV - [2001/08/07 13:27:44 | 000,049,152 | ---- | M] ( Matsushita Electric Industrial Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\System32\sdpasvc.exe -- (SDPASVC)
SRV - [1997/04/09 21:04:50 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\CRYPSERV.EXE -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2010/07/17 08:00:32 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 07:59:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:38:19 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/10 07:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/22 06:17:04 | 000,018,004 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
DRV - [2002/11/01 17:43:32 | 000,093,450 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM302.sys -- (ZSMC302)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:50:46 | 000,101,760 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis300ip.sys -- (SiS300i)
DRV - [2001/08/17 12:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)
DRV - [1997/04/09 20:31:22 | 000,020,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.exrx.net/.../Directory.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0



O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: [XBV6RD5SZF] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} http://vivfilms.vivi...player_ocx.jpeg (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.65,93.188.161.205
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\onlyone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\onlyone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/19 16:50:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2011/02/10 14:57:56 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\onlyone\Desktop\OTL.exe
[2011/01/28 11:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Settings\onlyone\Desktop\slsb4setup.exe
[2011/01/21 18:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\Local Settings\Application Data\Temp
[2011/01/21 14:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/01/21 14:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/01/21 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\Local Settings\Application Data\Google
[2011/01/21 14:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/21 14:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/01/21 14:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/12 23:53:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\onlyone\Recent
[2011/01/05 18:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\Application Data\Paltalk
[2011/01/05 17:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\My Documents\Webcasts
[2011/01/05 17:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\.webrenderer
[2010/12/19 14:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2010/12/15 09:13:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/15 09:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/15 09:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/15 09:10:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/15 09:10:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 09:10:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/15 09:10:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/15 09:10:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/15 09:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/15 09:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\Application Data\Sun
[2010/12/15 09:06:48 | 000,883,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\onlyone\Desktop\JavaSetup6u23.exe
[2010/12/12 14:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Data\Mozilla
[2010/10/04 12:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\onlyone\Application Data\Mozilla
[2010/10/04 12:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2010/07/17 08:00:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/14 20:02:21 | 000,000,000 | ---D | C] -- C:\4c673c042fa68cb70f9d4245d6
[2010/04/22 08:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC CAM 300A
[2010/04/22 08:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ PC CAM 300A
[2010/04/22 08:31:01 | 000,022,571 | ---- | C] (Walter Oney Software) -- C:\WINDOWS\System32\drivers\UsbMicfilt.sys
[2010/04/22 08:30:11 | 000,147,527 | ---- | C] (VM) -- C:\WINDOWS\System32\VM302Prp.Ax
[2010/04/22 08:30:11 | 000,093,450 | ---- | C] (VM) -- C:\WINDOWS\System32\drivers\usbVM302.sys
[2010/04/22 08:30:11 | 000,061,440 | ---- | C] (VM) -- C:\WINDOWS\System32\VM302STI.dll
[2010/04/20 05:30:08 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/03/06 08:25:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/06 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
[2010/03/06 08:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/06 08:05:40 | 000,891,208 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\onlyone\Desktop\avg_free_stb_en_9_40.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\onlyone\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\onlyone\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2011/02/10 15:04:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/02/10 14:58:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\onlyone\Desktop\OTL.exe
[2011/02/10 14:48:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/10 14:46:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2011/02/10 14:44:32 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\fsbnb.job
[2011/02/10 14:44:32 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/10 14:44:32 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\16bbd98a.job
[2011/02/10 14:44:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 14:44:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 14:44:03 | 1056,493,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 14:44:03 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 09:39:22 | 000,002,068 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/10 08:34:10 | 071,008,679 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/02/06 16:03:49 | 000,001,325 | ---- | M] () -- C:\Documents and Settings\onlyone\My Documents\MTF
[2011/01/28 10:55:57 | 005,188,336 | ---- | M] (MetaQuotes Software Corp.) -- C:\Documents and Settings\onlyone\Desktop\slsb4setup.exe
[2011/01/22 11:11:09 | 003,281,529 | ---- | M] () -- C:\Documents and Settings\onlyone\Desktop\FMT.zip
[2011/01/04 20:09:37 | 000,005,947 | ---- | M] () -- C:\Documents and Settings\onlyone\My Documents\NLA2 snippets.rtf
[2010/12/15 09:09:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 09:09:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/15 09:09:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/15 09:09:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/15 09:09:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/15 09:06:50 | 000,883,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\onlyone\Desktop\JavaSetup6u23.exe
[2010/12/12 14:49:03 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\onlyone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/12 14:31:47 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\onlyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/12 14:31:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/12/12 14:26:39 | 000,449,784 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\onlyone\My Documents\msgr8us.exe
[2010/12/07 14:03:14 | 000,417,792 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\onlyone\My Documents\msgr10uk.exe
[2010/11/14 17:27:32 | 000,001,956 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/01 09:07:00 | 000,312,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/01 09:07:00 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 12:22:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/18 08:18:24 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/05 18:28:56 | 001,135,080 | ---- | M] () -- C:\Documents and Settings\onlyone\My Documents\yahoomailuploader_0.5.exe
[2010/07/17 08:00:32 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 08:00:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 07:59:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/03 08:38:19 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/21 17:18:26 | 000,002,658 | ---- | M] () -- C:\Documents and Settings\onlyone\My Documents\Tesco fine.rtf
[2010/04/20 05:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/20 05:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/03/31 18:38:31 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/03/29 19:34:58 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\onlyone\My Documents\XT600E specifications.rtf
[2010/03/06 08:24:59 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/06 08:24:57 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/06 08:24:50 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/03/06 08:05:48 | 000,891,208 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\onlyone\Desktop\avg_free_stb_en_9_40.exe
[2010/02/25 08:37:54 | 000,404,065 | ---- | M] () -- C:\Documents and Settings\onlyone\Desktop\dla rules.pdf
[2010/02/22 20:58:26 | 000,008,989 | ---- | M] () -- C:\Documents and Settings\onlyone\Desktop\MOT requirements 07.rtf
[2010/02/15 16:01:29 | 001,917,882 | ---- | M] () -- C:\Documents and Settings\onlyone\My Documents\eBike_Policy_Wording.pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\onlyone\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\onlyone\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/21 14:20:38 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/01/21 14:20:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2010/12/12 14:31:47 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\onlyone\Application
[2010/11/14 17:27:32 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/04 12:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/27 23:57:04 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/25 13:35:10 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 13:35:01 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\fsbnb.job
[2010/08/18 08:18:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/15 18:55:07 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/15 18:52:30 | 000,000,284 | -H-- | C] () -- C:\WINDOWS\tasks\16bbd98a.job
[2010/05/21 16:32:07 | 000,002,658 | ---- | C] () -- C:\Documents and Settings\onlyone\My Documents\Tesco fine.rtf
[2010/04/22 08:31:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MKDSCSetting.exe
[2010/04/22 08:31:02 | 000,000,149 | ---- | C] () -- C:\WINDOWS\System32\InfoSetting.ini
[2010/04/22 08:30:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2010/04/19 16:25:09 | 517,011,864 | ---- | C] () -- C:\Documents and Settings\onlyone\My Documents\blowing.AVI
[
[2010/04/09 15:41:38 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\onlyone\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/29 19:34:58 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\onlyone\My Documents\XT600E specifications.rtf
[2010/03/06 08:24:59 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/25 08:37:54 | 000,404,065 | ---- | C] () -- C:\Documents and Settings\onlyone\Desktop\dla rules.pdf
[2010/02/22 20:58:26 | 000,008,989 | ---- | C] () -- C:\Documents and Settings\onlyone\Desktop\MOT requirements 07.rtf
[2010/01/28 21:55:36 | 000,000,342 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/06/10 15:40:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/06/04 10:23:52 | 000,021,052 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/04 10:23:52 | 000,015,144 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/04 10:23:52 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/04 10:23:16 | 000,020,768 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.SYS
[2009/06/04 10:23:16 | 000,000,009 | ---- | C] () -- C:\WINDOWS\CRYPKEY.INI
[2009/05/27 12:09:21 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/05/20 12:14:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2009/05/20 10:27:31 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/05/19 17:32:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/07 07:14:59 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\HEMavcodec.dll
[2009/05/07 07:14:59 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\HEMmplayer.dll
[2007/03/20 15:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2004/08/04 12:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 12:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 12:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 12:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 12:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

< End of report >

OTL Extras logfile created on: 10/02/2011 14:58:24 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\onlyone\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,007.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 137.84 Gb Free Space | 92.48% Space Free | Partition Type: NTFS

Computer Name: WINDOWS | User Name: onlyone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}" = PC VGA Camer@ Plus
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8629A6E3-E2B6-4EDC-8BBB-826EF9369E67}" = Hyper Electronics Mappers Utilities
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5C20A37-B367-11D6-AE16-00105A5D0C38}" = SD-JukeboxV3
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{D79C884A-462D-4BB3-ADA7-5C84EB598E21}" = SD-MovieStage
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR300 Reference Guide" = ESPR300 Reference Guide
"ESPR300 Software Guide" = ESPR300 Software Guide
"ESPR300 Standalone Guide" = ESPR300 Standalone Guide
"ie8" = Windows Internet Explorer 8
"InstallShield_{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}" = PC VGA Camer@ Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC CAM 300A" = PC CAM 300A
"PokerStars" = PokerStars
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/01/2011 04:51:31 | Computer Name = WINDOWS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x000ec345.

Error - 06/01/2011 14:08:24 | Computer Name = WINDOWS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/01/2011 09:18:21 | Computer Name = WINDOWS | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 21/01/2011 09:18:21 | Computer Name = WINDOWS | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 22/01/2011 15:27:45 | Computer Name = WINDOWS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/01/2011 04:04:15 | Computer Name = WINDOWS | Source = Application Hang | ID = 1002
Description = Hanging application terminal.exe, version 4.0.0.229, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/02/2011 12:46:07 | Computer Name = WINDOWS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00032c3d.

Error - 01/02/2011 12:46:18 | Computer Name = WINDOWS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 01/02/2011 12:46:42 | Computer Name = WINDOWS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/02/2011 11:31:27 | Computer Name = WINDOWS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03/02/2011 15:19:54 | Computer Name = WINDOWS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 04/02/2011 02:22:12 | Computer Name = WINDOWS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00E0208C33A0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/02/2011 04:53:17 | Computer Name = WINDOWS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00E0208C33A0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/02/2011 07:49:33 | Computer Name = WINDOWS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00E0208C33A0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/02/2011 12:01:56 | Computer Name = WINDOWS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00E0208C33A0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/02/2011 15:19:54 | Computer Name = WINDOWS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 06/02/2011 04:03:01 | Computer Name = WINDOWS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00E0208C33A0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 07/02/2011 15:19:55 | Computer Name = WINDOWS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 09/02/2011 14:05:01 | Computer Name = WINDOWS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00E0208C33A0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 09/02/2011 17:48:13 | Computer Name = WINDOWS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

I will wait patiently and won't post again in this thread until one of you kind people has had a chance to review it.

Regards
#2 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, bluetown! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

I'm sorry for the delay. I'm currently reviewing your logs.

#3 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, bluetown

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
    O4 - HKCU..\Run: [XBV6RD5SZF] File not found
    O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} http://vivfilms.vivi...player_ocx.jpeg (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.65,93.188.161.205
    [2011/02/10 15:04:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2011/02/10 14:46:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2011/02/10 14:44:32 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\fsbnb.job
    [2011/02/10 14:44:32 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/02/10 14:44:32 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\16bbd98a.job

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • TDSSKiller log
  • OTL fix log
  • OTL custom scan log

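The OTL fix in the post above removes three kinds of entry: a static NameServer pointing at two public addresses (93.188.162.65 and 93.188.161.205) on a PC that gets its address from a router at 192.168.0.1, a Run key whose target file no longer exists, and several hidden .job files in C:\WINDOWS\tasks. The script below is an added example for readers triaging a similar log, not code from this thread or from OTL: it parses OTL-formatted lines and reports those three indicators. The lines in SAMPLE_LOG that are copied from the fix are labelled as such; the benign Run entry and the 192.168.0.1 NameServer line are constructed for contrast, and the rules themselves (public resolver configured statically, "File not found" autorun, hidden or system attribute on a .job file) are this example's own assumptions rather than OTL's.

```python
"""Triage OTL-style log lines for three indicators seen in the fix above.

Added example, not part of the thread or of OTL. Lines 1, 2, 4, 6 and 7 of
SAMPLE_LOG are copied from the fix in post #3; lines 3 and 5 are constructed
benign entries so the checks have something to leave alone.
"""
import ipaddress
import re

# Constructed sample in OTL's line format (see module docstring for provenance).
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [XBV6RD5SZF] File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.65,93.188.161.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.0.1
[2011/02/10 14:44:32 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\fsbnb.job
[2011/02/10 14:46:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
"""

# OTL line shapes: O17 TCP/IP NameServer, O4 Run key, and a file listing
# "[mtime | size | attrs | C/M] (company) -- path".
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[LC][MU])\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
TASK_RE = re.compile(
    r"^\[(?P<mtime>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+\.job)$"
)


def check_nameservers(servers):
    """Flag resolvers hard-coded in the registry that are not private addresses.

    Assumption (this example's rule): a home PC behind a router should get its
    DNS from DHCP, so a statically configured public resolver deserves a look.
    """
    flagged = []
    for raw in servers.split(","):
        ip = ipaddress.ip_address(raw.strip())
        if not ip.is_private:
            flagged.append(f"static public DNS resolver: {ip}")
    return flagged


def check_autorun(hive, name, target):
    """A Run entry whose target OTL reports as missing is a leftover to remove."""
    if target.strip() == "File not found":
        return [f"orphaned autorun {hive}\\..\\Run\\{name}: target missing"]
    return []


def check_task(path, attrs):
    """Assumption: a hidden (H) or system (S) attribute on a .job file is unusual
    for a task a user created deliberately, so report it for review."""
    if "H" in attrs or "S" in attrs:
        return [f"hidden/system scheduled task: {path} (attrs {attrs})"]
    return []


def triage(log_text):
    """Run each line through the matching check and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            findings += check_nameservers(m.group("servers"))
            continue
        m = O4_RE.match(line)
        if m:
            findings += check_autorun(m.group("hive"), m.group("name"), m.group("target"))
            continue
        m = TASK_RE.match(line)
        if m:
            findings += check_task(m.group("path"), m.group("attrs"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports five findings: the two public resolvers, the orphaned XBV6RD5SZF autorun, and the two hidden .job files; the constructed benign Run entry and the router resolver pass. The point of the NameServer check is the one that matters most for this thread: with a hijacked resolver the PC's lookups for update and security sites can be answered by whoever controls those servers, which is consistent with Windows Update failing to connect while other sites load.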

#4 bluetown (Topic Starter, Member, 80 posts)
Thank-you for your quick reply Render.

I have had this unwanted pop up problem for many months now, thought it was something I would have to put up with until I found this website.

I do my online banking with this PC so I am extremely worried now after reading your post.

You did say that "We can still clean this machine but I can't guarantee that it will be 100% secure afterwards."

Would it be safer to reinstall the Windows XP home edition disc?
Is that what you mean by reformat?

#5 Render (Trusted Helper, Malware Removal, 4,195 posts)
Yes. If you're using this PC for on-line banking I recommend that you format all your disk partitions and then do a fresh Windows installation. Tell me what you decide and I can assist you either way.

#6 bluetown (Topic Starter, Member, 80 posts)
Thanks for the reply.

I would like to format all the partitions, I have no idea how to do this though.

I did read the 2 links you posted. It sounds quite complicated.

This is the only PC I have and I do not have access to another PC.

I do have the Windows XP disc here and understand I need to have it disconnected from the internet while I install and, before connecting to the internet, make sure all the service packs are installed and make sure in Security Center that the Windows virus scan is on and running.

Editing to add that I will not bother saving any documents as reading that link they might be infected.
I have nothing important on this PC so I will install any programmes if and when I need them.

Edited by bluetown, 10 February 2011 - 02:20 PM.


#7 Render (Trusted Helper, Malware Removal, 4,195 posts)

    Editing to add that I will not bother saving any documents as reading that link they might be infected.
    I have nothing important on this PC so I will install any programmes if and when I need them.


OK. But if you have some personal certificates (for e-bank etc) I would strongly recommend you to export them and save them on removable media if you haven't already done so.

I will be back to you soon with formatting advice. How many hard disks and how many partitions do you have now?

#8 bluetown (Topic Starter, Member, 80 posts)
I don't know how many hard disks I have, I assume 1.
Partitions, no idea. Not something I have been made aware of before.

I can tell this is going to be tough.

#9 Render (Trusted Helper, Malware Removal, 4,195 posts)
Aje. Now I'm feeling stupid. :D In this PC you have one hard disk and one partition on it.

Well... I think that we can still successfully clean up your PC. But it's your decision.

#10 bluetown (Topic Starter, Member, 80 posts)
Hi Render,

I am not sure I understood your last post.
Are you now saying we can clean it up successfully without formatting and reinstalling Windows?

Obviously that would be easier but you did type earlier "We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps."

I do want it to be secure because what you informed me about someone having access to my banking details had worried me.
#11 Render (Trusted Helper, Malware Removal, 4,195 posts)
Yes. You're right. Sorry for confusing you. Let's proceed with the OS reinstall. Please follow the steps below. You should print these instructions because you will not be able to access the internet.

  • Change the BIOS boot order so the CD or DVD drive is listed first. Some computers are already configured this way but many are not.
  • If the CD or DVD drive is not first in the boot order, your PC will start "normally" (i.e. boot from your hard drive) without even looking at what might be in your disc drive.
  • Note: After setting your optical drive as the first boot device in BIOS, your computer will check that drive for a bootable CD or DVD each time your computer starts. Leaving your PC configured this way shouldn't cause problems unless you plan on leaving a disc in the drive all the time.
  • Insert your Windows XP installation disc into your CD drive (Home or Pro--it does not matter).
  • Now as your computer boots a little more it will say "Press any key to boot from CD.." press a key to do so.
  • The CD will load up a blue screen and then spend a while loading files it needs. When it is finished it will list a few options, mainly "Press ENTER to set up Windows XP." Press Enter or Return.
  • Now you will be at a screen to select where to install Windows to. This is where you can delete old partitions and format drives. The box in the bottom half of the screen shows all your drives and the partitions that exist on them. Use the Up and Down arrow keys to highlight your "C:" partition and press the 'D' key (if all that shows up is "Unpartitioned space" and you have no C: or D: partitions, skip this step). On the next screen press the 'L' key to finalize deleting the partition.
  • Now you are back on the screen to choose where to install Windows. The box on the lower half of the screen should no longer show a partition but simply have an entry "Unpartitioned space xxxxxMB." Select this with the arrow keys and press the 'C' key to create a partition on the drive. The next screen tells you the minimum and maximum sizes the partition can be and lets you pick the size. The default size is the maximum, but double check that the number entered is the maximum and hit enter.
  • Now you will again be back at the choose where to install Windows screen. But this time you will have a partition that looks something like this "C: Partition1 [New (Raw)]xxxxxxMB." Highlight this entry and press enter.
  • The next screen lets you choose which file system to format the drive with. Choose NTFS as it is faster and more secure. If the drive is brand new and has never been used before then use one of the options that ends in "(Quick)." Or, choose one of the lower down options. Use the arrow keys to select the proper one and press Enter or Return.
  • From here you are all set and the installation of Windows will proceed starting with a format of your drive. This will take a while (over half an hour) so you can take a little break.


#12 bluetown (Topic Starter, Member, 80 posts)
You know my biggest fear is getting stuck in BIOS mode and not being able to use the PC again :D

Anyway I have printed out your instructions and will disconnect from the internet and try to follow your instructions.

In case I mess things back up and can't get it working I will thank-you now for the quick responses.

If I am successful I will make sure security centre is up and running and service packs installed before connecting up to the internet.

Regards.

#13 Render (Trusted Helper, Malware Removal, 4,195 posts)
Start with step 4 and you will see... Maybe your BIOS is already configured to boot from CD/DVD.

#14 bluetown (Topic Starter, Member, 80 posts)
Hi Render,

I did get into BIOS mode (scary) and the 1st boot order was already set to the CDROM.

Sorry for this seemingly daft question, I was not sure if I needed to stay in BIOS mode and insert the CD or can I just put the CD in now and restart my PC?

#15 Render (Trusted Helper, Malware Removal, 4,195 posts)
Please, exit BIOS without saving.