IE8 Redirected



#1 Rickles (Member, 629 posts)

Hi,
It looks like, as for many people, IE8 is redirecting links to other, but always different, websites.

For example, when I click on the link to a known and trusted website, Rodaways of WW1, I wind up going to http://www.tripadvis...u/Hotel_Review. Other times I get redirected to other sites.

I got confused following the opening instructions and I ran Malwarebytes' Anti-Malware first and got this log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6671

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/05/2011 6:49:35 PM
mbam-log-2011-05-25 (18-49-35).txt

Scan type: Quick scan
Objects scanned: 143252
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\msisipl.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ipmontrk.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\reggenieonuninstall.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

Then I ran OTL:

OTL logfile created on: 25/05/2011 7:00:47 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1015.23 Mb Total Physical Memory | 313.23 Mb Available Physical Memory | 30.85% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 128.35 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS

Computer Name: YOUR-4678038BAA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe (Clarus, Inc.)
PRC - C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Auslogics\Auslogics Disk Defrag\cdefrag.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I3F2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (SZASSIST) -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe (Clarus, Inc.)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110524.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110524.018\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (mvd22) -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys ()
DRV - (mdf16) -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys ()
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSFHWBS3) -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\penclass.sys (Wacom Technology Corporation)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.BAK (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tsnintern...m.au/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/05/11 14:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/05/10 18:03:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.22.163.41 202.22.163.43
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 01:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell - "" = AutoRun
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 18:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/05/25 18:39:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 18:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/25 18:39:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 18:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/24 22:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\TV
[2011/05/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DisplayTune
[2011/04/28 00:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\MyPublisher
[2011/04/27 15:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MyPublisher
[2010/05/19 12:50:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 19:01:09 | 000,000,610 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/25 18:52:40 | 000,012,474 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/05/25 18:52:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 18:39:54 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 23:57:22 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 18:23:17 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 17:12:57 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/05/18 16:26:21 | 001,829,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 14:56:32 | 000,593,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/05/10 18:04:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/10 18:04:07 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/10 18:04:07 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/10 18:04:07 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/09 16:02:58 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/02 17:03:50 | 001,572,114 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2011/05/01 19:14:14 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2011/04/29 13:29:05 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 18:39:54 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 23:57:22 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 23:42:40 | 000,000,366 | -HS- | C] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/23 23:42:39 | 000,000,334 | -HS- | C] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/23 23:42:39 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/05/10 22:23:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 19:08:04 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Efamtree.ini
[2011/04/10 15:47:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/04/08 16:33:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2011/04/01 14:53:48 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/03/19 18:08:44 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2011/03/11 16:56:59 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tigersetting.dll
[2011/03/11 16:55:11 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\init.dll
[2011/03/11 16:55:11 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\SYSTEM32.dll
[2011/03/11 16:55:02 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\sound.dll
[2011/03/11 16:54:14 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/03/11 16:54:03 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2011/02/24 20:59:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\winscp.rnd
[2011/01/19 22:57:21 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/05 16:41:22 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/05 16:36:12 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/26 00:52:02 | 000,518,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/22 17:14:43 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Photobook Designer Prefs
[2010/12/16 15:13:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/12/16 15:13:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2010/11/05 15:41:09 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2010/09/25 22:16:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/11 17:45:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2010/06/27 14:28:40 | 000,241,744 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2010/06/27 14:28:39 | 001,018,880 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/06/04 21:44:35 | 000,012,474 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2010/05/20 16:00:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ESCHER.INI
[2010/05/19 12:50:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
[2010/05/19 12:50:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2010/05/19 12:50:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2010/04/16 16:14:14 | 000,000,555 | ---- | C] () -- C:\WINDOWS\Tcd_a579b07e.ini
[2010/03/18 18:16:25 | 000,000,620 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2010/03/18 11:03:17 | 000,000,065 | ---- | C] () -- C:\WINDOWS\PODW.INI
[2010/03/18 10:58:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\presntr.ini
[2010/01/31 16:29:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/29 17:29:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/15 21:19:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/03 14:11:54 | 000,001,153 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2010/01/03 14:11:54 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2010/01/02 20:31:45 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/29 14:47:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2009/12/27 19:17:00 | 000,000,872 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/11/26 18:48:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/26 18:48:00 | 000,000,578 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 18:47:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/26 18:47:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/11/26 18:47:51 | 000,456,304 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/26 18:47:51 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/11/26 18:47:51 | 000,075,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/26 18:47:51 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/11/26 18:47:51 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/11/26 18:47:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/11/26 18:47:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/11/26 18:47:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/11/26 18:47:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/11/26 18:47:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/11/26 11:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/26 11:54:10 | 001,829,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 09:03:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 01:19:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 01:06:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/26 01:02:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[1999/05/07 19:12:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[1999/03/22 11:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/29 20:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2010/08/07 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/01/14 16:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/12/04 21:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2010/12/29 20:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fpp
[2011/03/30 22:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008/11/26 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/11/20 17:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S10 Software
[2010/06/10 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/14 18:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/05/25 17:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/12/29 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/04/10 15:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2011/05/25 19:01:09 | 000,000,610 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\Ohbbhkzi.job
[2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\VUCOAAUJ.job
[2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D74B6CF5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1DD7A762

< End of report >

and finally:

OTL Extras logfile created on: 25/05/2011 7:00:48 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1015.23 Mb Total Physical Memory | 313.23 Mb Available Physical Memory | 30.85% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 128.35 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS

Computer Name: YOUR-4678038BAA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD SE
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AD84803D-ED53-44C9-8412-A87AAEB8E6DD}" = Eureka's Family Tree
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BBAB8CE2-6AE2-497C-A745-67A61134E72C}" = PIF DESIGNER2.1
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}" = Pen Tablet
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo MyAutoplay Menu_is1" = Ashampoo MyAutoplay Menu 1.0.3
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR310 Reference Guide" = ESPR310 Reference Guide
"ESPR310 Software Guide" = ESPR310 Software Guide
"EZemailBackup_is1" = EZ eMail Backup 2.0
"Foxit Reader" = Foxit Reader
"FreeZip" = FreeZip
"HDMI" = Intel® Graphics Media Accelerator Driver
"huey_is1" = huey 1.0.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}" = Pen Tablet
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MRW!UninstallKey" = InCD EasyWrite Reader
"MyPublisher" = MyPublisher
"NIS" = Norton Internet Security
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PicaView32" = PicaView32
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/03/2011 2:00:28 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/03/2011 2:00:33 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/03/2011 8:45:44 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/03/2011 8:29:58 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application foxitr~1.exe, version 2.2.2007.2129, faulting
module foxitr~1.exe, version 2.2.2007.2129, fault address 0x0007060d.

Error - 29/03/2011 2:00:33 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2011 1:01:22 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application foxitr~1.exe, version 2.2.2007.2129, faulting
module foxitr~1.exe, version 2.2.2007.2129, fault address 0x002d6ecd.

Error - 30/03/2011 1:12:31 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\acer.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Adobe Flash Player 9.0 r115 because of this
error. Program: Adobe Flash Player 9.0 r115 File: E:\acer.exe The error value is
listed in the Additional Data section. User Action 1. Open the file again. This situation
might be a temporary problem that corrects itself when the program runs again. 2.
If the file still cannot be accessed and - It is on the network, your network administrator
should verify that there is not a problem with the network and that the server
can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM,
verify that the disk is fully inserted into the computer. 3. Check and repair the
file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD,
and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4.
If the problem persists, restore the file from a backup copy. 5. Determine whether
other files on the same disk can be opened. If not, the disk might be damaged.
If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance. Additional Data Error value: C0000240 Disk type: 5

Error - 30/03/2011 1:15:56 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application acer.exe, version 9.0.115.0, faulting module
acer.exe, version 9.0.115.0, fault address 0x0011e4d0.

Error - 4/04/2011 1:37:15 AM | Computer Name = YOUR-4678038BAA | Source = MsiInstaller | ID = 11907
Description = Product: Microsoft Office Enterprise 2007 -- Error 1907.Could not
register font . Verify that you have sufficient permissions to install fonts, and
that the system supports this font.

Error - 5/04/2011 2:53:35 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module coieplg.dll, version 2011.5.0.55, fault address 0x0000fd06.

[ OSession Events ]
Error - 27/01/2010 7:25:44 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1602 seconds with 1440 seconds of active time. This session ended with a
crash.

Error - 1/02/2010 1:28:00 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 643 seconds with 600 seconds of active time. This session ended with a crash.

Error - 3/02/2010 7:31:51 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 148 seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/02/2010 2:33:35 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 698 seconds with 660 seconds of active time. This session ended with a crash.

Error - 3/05/2010 10:46:10 PM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 94 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/05/2011 11:10:20 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 24/05/2011 11:10:30 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 24/05/2011 11:10:41 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 24/05/2011 11:10:51 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 24/05/2011 11:11:02 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 24/05/2011 11:11:12 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 24/05/2011 11:11:12 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 24/05/2011 11:11:13 AM | Computer Name = YOUR-4678038BAA | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CDDVDW TS-H653N' (IDE\CdRomTSSTcorp_CDDVDW_TS-H653N________________0208____\5&204dc0f9&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 24/05/2011 11:17:39 AM | Computer Name = YOUR-4678038BAA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NIS service.

Error - 24/05/2011 10:50:30 PM | Computer Name = YOUR-4678038BAA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NIS service.


< End of report >


However I still get directed and it took several goes to get to the Geeks to Go website. If I have done the tests the wrong way round I apologise.
Regards


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Rickles! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.

Sorry for the delay. Please do the following:

Step 1

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    [2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\Ohbbhkzi.job
    [2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\VUCOAAUJ.job
    [2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job
      	
    :Files
    C:\WINDOWS\Tasks\Ohbbhkzi.job
    C:\WINDOWS\Tasks\VUCOAAUJ.job
    C:\WINDOWS\Tasks\Ztoku.job
    
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • aswMBR log
  • OTL scan log


#3
Rickles

Rickles

    Member

  • Topic Starter
  • Member
  • 629 posts
Hi Render,

I have copied the instructions and downloaded both programs.

I will run them tomorrow (my time is Oz Eastern).

Regards

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.

#5
Rickles

Rickles

    Member

  • Topic Starter
  • Member
  • 629 posts
Hi Render,

As per instructions:

All processes killed
Error: Unable to interpret <• :OTL > in the current context!
Error: Unable to interpret <• [2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\Ohbbhkzi.job > in the current context!
Error: Unable to interpret <• [2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\VUCOAAUJ.job > in the current context!
Error: Unable to interpret <• [2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job > in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Files > in the current context!
Error: Unable to interpret <• C:\WINDOWS\Tasks\Ohbbhkzi.job > in the current context!
Error: Unable to interpret <• C:\WINDOWS\Tasks\VUCOAAUJ.job > in the current context!
Error: Unable to interpret <• C:\WINDOWS\Tasks\Ztoku.job > in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• ipconfig /flushdns /c > in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Reg > in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Commands > in the current context!
Error: Unable to interpret <• [purity] > in the current context!
Error: Unable to interpret <• [resethosts] > in the current context!
Error: Unable to interpret <• [emptytemp] > in the current context!
Error: Unable to interpret <• [emptyflash] > in the current context!
Error: Unable to interpret <• [createrestorepoint] > in the current context!
Error: Unable to interpret <• [reboot]> in the current context!

OTL by OldTimer - Version 3.2.23.0 log created on 05302011_122251




aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 12:27:10
-----------------------------
12:27:10.359 OS Version: Windows 5.1.2600 Service Pack 3
12:27:10.359 Number of processors: 2 586 0x1C02
12:27:10.359 ComputerName: YOUR-4678038BAA UserName:
12:27:10.937 Initialize success
12:27:42.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:27:42.562 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-22 Size: 152627MB BusType: 3
12:27:44.578 Disk 0 MBR read successfully
12:27:44.578 Disk 0 MBR scan
12:27:44.578 Disk 0 unknown MBR code
12:27:46.578 Disk 0 scanning sectors +312560640
12:27:46.609 Disk 0 scanning C:\WINDOWS\system32\drivers
12:27:50.968 Service scanning
12:27:51.968 Disk 0 trace - called modules:
12:27:51.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:27:51.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657cab8]
12:27:51.984 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\00000064[0x86586f18]
12:27:51.984 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86583d98]
12:27:59.796 Unsigned kernel modules:
12:28:00.312 0xf739a000 SYMDS.SYS
12:28:00.484 0xf72cd000 SYMEFA.SYS
12:28:00.640 0xf7a8c000 C:\WINDOWS\system32\drivers\penclass.sys
12:28:06.468 0xf7960000 C:\WINDOWS\System32\Drivers\incdrm.SYS
12:28:17.984 0xa86ce000 C:\WINDOWS\System32\Drivers\UdfReadr.SYS
12:28:26.062 Scan finished successfully
12:29:27.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\New Folder\MBR.dat"
12:29:27.859 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\New Folder\aswMBR.txt"


OTL logfile created on: 30/05/2011 12:32:00 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Shortcuts\Clean Ups\FixitCenter\FixitCenter
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1015.23 Mb Total Physical Memory | 514.66 Mb Available Physical Memory | 50.69% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 127.31 Gb Free Space | 91.43% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS

Computer Name: YOUR-4678038BAA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\Shortcuts\Clean Ups\FixitCenter\FixitCenter\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe (Clarus, Inc.)
PRC - C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I3F2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\My Documents\Shortcuts\Clean Ups\FixitCenter\FixitCenter\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (SZASSIST) -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe (Clarus, Inc.)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110529.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110529.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110527.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (mvd22) -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys ()
DRV - (mdf16) -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys ()
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSFHWBS3) -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\penclass.sys (Wacom Technology Corporation)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.BAK (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tsninternet.com.au/
IE - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - File not found
IE - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/05/11 14:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/05/10 18:03:29 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - File not found
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854546202-2644002386-3012357816-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 01:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell - "" = AutoRun
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

• CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 12:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/05/30 12:22:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 21:52:52 | 000,000,000 | -HSD | C] -- C:\BOOT
[2011/05/29 21:52:44 | 000,187,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudisk.sys
[2011/05/29 21:52:44 | 000,020,744 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eufs.sys
[2011/05/29 21:52:43 | 000,030,600 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2011/05/29 21:52:43 | 000,014,216 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2011/05/29 17:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\PriceGong
[2011/05/28 19:44:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\syncdb
[2011/05/28 19:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/05/28 19:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/28 19:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/26 22:42:14 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WimFltr.sys
[2011/05/25 18:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/05/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DisplayTune
[2010/05/19 12:50:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/30 12:24:39 | 000,012,474 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/05/30 12:24:35 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/30 12:24:35 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/30 12:24:35 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/05/30 12:24:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 22:18:42 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 21:53:52 | 000,456,612 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/29 21:53:52 | 000,075,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/29 19:08:11 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/29 19:02:19 | 000,000,610 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/29 16:14:39 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2011/05/29 15:44:58 | 001,830,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/24 23:57:22 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/20 17:12:57 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/05/11 14:56:32 | 000,593,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/05/10 18:04:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/10 18:04:07 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/10 18:04:07 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/10 18:04:07 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/02 17:03:50 | 001,572,114 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp

========== Files Created - No Company Name ==========

[2011/05/29 21:52:42 | 000,035,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/05/29 16:09:29 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 23:57:22 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 23:42:40 | 000,000,366 | -HS- | C] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/23 23:42:39 | 000,000,334 | -HS- | C] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/23 23:42:39 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/04/12 19:08:04 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Efamtree.ini
[2011/04/10 15:47:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/04/08 16:33:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2011/04/01 14:53:48 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/03/19 18:08:44 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2011/03/11 16:56:59 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tigersetting.dll
[2011/03/11 16:55:11 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\init.dll
[2011/03/11 16:55:11 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\SYSTEM32.dll
[2011/03/11 16:55:02 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\sound.dll
[2011/03/11 16:54:14 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/03/11 16:54:03 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2011/02/24 20:59:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\winscp.rnd
[2011/01/19 22:57:21 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/05 16:41:22 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/05 16:36:12 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/26 00:52:02 | 000,518,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/22 17:14:43 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Photobook Designer Prefs
[2010/12/16 15:13:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/12/16 15:13:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2010/11/05 15:41:09 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2010/09/25 22:16:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/11 17:45:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2010/06/27 14:28:40 | 000,241,744 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2010/06/27 14:28:39 | 001,018,880 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/06/04 21:44:35 | 000,012,474 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2010/05/20 16:00:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ESCHER.INI
[2010/05/19 12:50:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
[2010/05/19 12:50:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2010/05/19 12:50:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2010/04/16 16:14:14 | 000,000,555 | ---- | C] () -- C:\WINDOWS\Tcd_a579b07e.ini
[2010/03/18 18:16:25 | 000,000,620 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2010/03/18 11:03:17 | 000,000,065 | ---- | C] () -- C:\WINDOWS\PODW.INI
[2010/03/18 10:58:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\presntr.ini
[2010/01/31 16:29:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/29 17:29:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/15 21:19:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/03 14:11:54 | 000,001,153 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2010/01/03 14:11:54 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2010/01/02 20:31:45 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/29 14:47:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2009/12/27 19:17:00 | 000,000,872 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/11/26 18:48:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/26 18:48:00 | 000,000,578 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 18:47:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/26 18:47:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/11/26 18:47:51 | 000,456,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/26 18:47:51 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/11/26 18:47:51 | 000,075,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/26 18:47:51 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/11/26 18:47:51 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/11/26 18:47:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/11/26 18:47:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/11/26 18:47:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/11/26 18:47:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/11/26 18:47:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/11/26 11:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/26 11:54:10 | 001,830,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 09:03:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 01:19:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 01:06:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/26 01:02:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[1999/05/07 19:12:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[1999/03/22 11:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/29 20:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2011/01/14 16:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/12/04 21:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/05/28 19:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/29 20:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fpp
[2011/03/30 22:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008/11/26 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/05/28 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/11/20 17:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S10 Software
[2010/06/10 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/14 18:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/05/29 22:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/12/29 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/04/10 15:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2011/05/29 19:02:19 | 000,000,610 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/30 12:24:35 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\Ohbbhkzi.job
[2011/05/30 12:24:35 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\VUCOAAUJ.job
[2011/05/30 12:24:35 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job

========== Purity Check ==========



========== Custom Scans ==========


< • %SYSTEMDRIVE%\*.exe >


< • %systemroot%\*. /mp /s >

< • hklm\software\clients\startmenuinternet|command /rs >
• HKLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 21:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
• HKLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 21:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
• HKLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 21:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
• HKLM\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
• HKLM\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D74B6CF5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1DD7A762

< End of report >


Regards
  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please repeat that step:

We need to run an OTL Fix

  • Please right click on the OTL icon on your desktop and click on Run as administrator.
  • Copy (select all lines inside the quote box and press CTRL+C) and paste (press CTRL+V) the following code into the OTL Custom Scans/Fixes textbox.

    :OTL
    [2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\Ohbbhkzi.job
    [2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\VUCOAAUJ.job
    [2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job

    :Files
    C:\WINDOWS\Tasks\Ohbbhkzi.job
    C:\WINDOWS\Tasks\VUCOAAUJ.job
    C:\WINDOWS\Tasks\Ztoku.job
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0
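Added triage helper, not code from the thread or from OTL itself: it parses the OTL file-entry lines of the report above, flags .job files in Windows\Tasks that carry the hidden+system (-HS-) attribute pair like the three jobs the fix removes, de-duplicates entries repeated across OTL sections, and renders an :OTL/:Files fix block in the layout Render posted. The sample lines are constructed from the report; the heuristic is an assumption of this example, not an OTL rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the OTL file-entry format used in the report above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
# The "(Company)" part is absent on directory entries.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# A scheduled-task file sitting directly in the Windows Tasks folder.
TASK_JOB_RE = re.compile(r"\\windows\\tasks\\[^\\]+\.job$", re.IGNORECASE)


@dataclass
class OtlFileEntry:
    raw: str        # original log line, reused verbatim in the :OTL fix section
    timestamp: str
    size: int
    attrs: str      # four-character attribute column, e.g. "-HS-" or "---D"
    flag: str       # "C" = created, "M" = modified
    company: str    # empty when OTL prints "()" or no company at all
    path: str


def parse_otl_file_line(line: str) -> Optional[OtlFileEntry]:
    """Parse one OTL file/folder line; return None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        raw=line.strip(),
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        flag=m.group("flag"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def is_suspicious_job(entry: OtlFileEntry) -> bool:
    """Heuristic (assumption of this example): a .job in Windows\\Tasks with -HS-.

    Task Scheduler does not normally create job files with the hidden+system
    pair; the redirector in this thread used it to keep its three jobs hidden.
    """
    return (
        TASK_JOB_RE.search(entry.path) is not None
        and "H" in entry.attrs
        and "S" in entry.attrs
    )


def find_suspicious_jobs(lines) -> List[OtlFileEntry]:
    """Return each suspicious job once; OTL lists the same file in several
    sections (Modified, Created, LOP Check), so de-duplicate on the path."""
    seen = set()
    found: List[OtlFileEntry] = []
    for line in lines:
        entry = parse_otl_file_line(line)
        if entry is None or not is_suspicious_job(entry):
            continue
        key = entry.path.lower()
        if key not in seen:
            seen.add(key)
            found.append(entry)
    return found


def build_otl_fix(entries: List[OtlFileEntry]) -> str:
    """Render an OTL fix script in the layout used in the thread above."""
    out = [":OTL"] + [e.raw for e in entries]
    out += ["", ":Files"] + [e.path for e in entries]
    out += ["", ":Commands", "[emptytemp]", "[createrestorepoint]", "[reboot]"]
    return "\n".join(out)


# Constructed sample modelled on the report above (one duplicate on purpose).
SAMPLE_OTL_LINES = r"""
[2011/05/30 12:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/05/29 19:02:19 | 000,000,610 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/30 12:24:35 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/30 12:24:35 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/30 12:24:35 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/05/10 18:04:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/30 12:24:35 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job
========== LOP Check ==========
""".strip().splitlines()


if __name__ == "__main__":
    print(build_otl_fix(find_suspicious_jobs(SAMPLE_OTL_LINES)))
```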

#7
Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 629 posts
Hi Render,

As instructed 30 05 11 23.45 EAT:

All processes killed
========== OTL ==========
C:\WINDOWS\Tasks\Ohbbhkzi.job moved successfully.
C:\WINDOWS\Tasks\VUCOAAUJ.job moved successfully.
C:\WINDOWS\Tasks\Ztoku.job moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\Tasks\Ohbbhkzi.job not found.
File\Folder C:\WINDOWS\Tasks\VUCOAAUJ.job not found.
File\Folder C:\WINDOWS\Tasks\Ztoku.job not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\My Documents\Shortcuts\Clean Ups\FixitCenter\FixitCenter\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Shortcuts\Clean Ups\FixitCenter\FixitCenter\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: HP_Administrator
->Temp folder emptied: 36563114 bytes
->Temporary Internet Files folder emptied: 55158176 bytes
->Java cache emptied: 307458 bytes
->Flash cache emptied: 6941 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 05302011_234033

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8D1FFRDH\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\5PLDPROI\like[1].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\5PLDPROI\page__pid__2015840[1].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_108.dat not found!

Registry entries deleted on Reboot...

Regards
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Now please do this:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
Rickles

Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 629 posts
Hi Render,

As per instructions 31 05 11:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6729

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/05/2011 7:43:51 PM
mbam-log-2011-05-31 (19-43-51).txt

Scan type: Quick scan
Objects scanned: 142786
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regards
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Are you still getting the redirects?

Now do the following:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next reply.
  • 0

#11
Rickles

Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 629 posts
Hi Render,

As per instruction:

RogueKiller V5.1.9 [05/29/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: HP_Administrator [Admin rights]
Mode: Scan -- Date : 06/01/2011 00:07:42

Bad processes: 0

Registry Entries: 3
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{AE6052AC-7EA7-48AB-B9F4-BFC0E18AC374} : NameServer (202.43.229.12,202.43.226.12) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{AE6052AC-7EA7-48AB-B9F4-BFC0E18AC374} : NameServer (202.43.229.12,202.43.226.12) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
ÿþ1

Finished : << RKreport[1].txt >>
RKreport[1].txt

I have not had any redirects (fingers crossed).

However when I went to download RogueKiller my anti virus, Norton Internet Security went ballistic and deleted the program. I had to switch it off whilst I downloaded and ran the program.

Regards
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Yes, some anti-virus programs detect our tools as malicious, but it is a false positive.

So your internet service provider is TSN Internet?

I cannot find their DNS IPs, so please check if these domain name server addresses are correct: 202.43.229.12, 202.43.226.12.
  • 0

#13
Rickles

Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 629 posts
Hi Render,

You will have to give me step-by-step instructions to find the settings for the DNS IPs and I will check them for you.

I have been with TSN almost from the beginning.

Regards
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You can go here and follow the instructions to check your DNS settings. If you have checked the Obtain DNS server address automatically option, then I think that everything is OK, as these two IPs are inside your ISP's IP scope.

Now please tell me how your computer is running at the moment. Any problems?
  • 0
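The check being asked for in the two posts above, written out as an added example (it is not part of this thread and not a RogueKiller feature): parse the `[DNS] ... NameServer (...) -> FOUND` lines from an RKreport, then flag any configured resolver that is not on the ISP's published list. The report text below is constructed to mirror the shape of post #11, with an extra interface carrying a documentation-range address (203.0.113.53) and an invalid value so the check has something to flag; the GUID on that line is made up. The expected-resolver set is an assumption: it is what the ISP actually publishes, and here it is simply the two addresses the poster read back from the TCP/IP properties dialog.

```python
import ipaddress
import re

# Constructed sample report, not the poster's actual RKreport: the first two
# [DNS] lines follow the shape RogueKiller printed in post #11; the third line
# (made-up GUID, RFC 5737 documentation address, one junk token) is added so the
# audit has something to flag.
SAMPLE_REPORT = r"""
Registry Entries: 4
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{AE6052AC-7EA7-48AB-B9F4-BFC0E18AC374} : NameServer (202.43.229.12,202.43.226.12) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{AE6052AC-7EA7-48AB-B9F4-BFC0E18AC374} : NameServer (202.43.229.12,202.43.226.12) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{00000000-1111-2222-3333-444444444444} : NameServer (203.0.113.53,not-an-ip) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Assumption: the resolvers the ISP publishes. Here they are the two addresses
# the poster read back from the TCP/IP properties dialog in post #15.
EXPECTED_RESOLVERS = {"202.43.229.12", "202.43.226.12"}

# One [DNS] line: the registry key has no spaces, then " : NameServer (a,b) -> FOUND".
_DNS_LINE = re.compile(
    r"^\[DNS\]\s+(?P<key>\S+)\s*:\s*NameServer\s*\((?P<servers>[^)]*)\)\s*->\s*FOUND",
    re.MULTILINE,
)


def parse_dns_entries(report: str) -> list[tuple[str, list[str]]]:
    """Return (registry key, [server, ...]) for every [DNS] NameServer line.

    The Windows NameServer value under Tcpip\\Parameters\\Interfaces\\{GUID}
    is a comma-separated REG_SZ, which is what RogueKiller echoes in the
    parentheses, so a comma split recovers the individual resolvers.
    """
    entries = []
    for m in _DNS_LINE.finditer(report):
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append((m.group("key"), servers))
    return entries


def audit_name_servers(report: str, expected: set[str]) -> list[dict]:
    """Flag every configured resolver that is not on the expected list.

    Values that do not parse as an IP address are flagged as well: a
    legitimate NameServer value only ever holds addresses.
    """
    allowed = {str(ipaddress.ip_address(a)) for a in expected}
    findings = []
    for key, servers in parse_dns_entries(report):
        unexpected = []
        for s in servers:
            try:
                normalised = str(ipaddress.ip_address(s))
            except ValueError:
                unexpected.append(s)
                continue
            if normalised not in allowed:
                unexpected.append(s)
        findings.append({"key": key, "servers": servers, "unexpected": unexpected})
    return findings


def main() -> None:
    for f in audit_name_servers(SAMPLE_REPORT, EXPECTED_RESOLVERS):
        verdict = "check this" if f["unexpected"] else "matches ISP"
        print(f"{verdict:12} {f['key']}")
        for s in f["unexpected"]:
            print(f"             unexpected resolver: {s}")


if __name__ == "__main__":
    main()
```

RogueKiller reports every static NameServer value as FOUND whether or not it is legitimate, so the comparison against the ISP's published resolvers is what turns a FOUND into a verdict. The same interface GUID appearing under both ControlSet001 and ControlSet003 is normal (they are different control sets for the same adapter). If the adapter is set to Obtain DNS server address automatically, the value to compare is DhcpNameServer under the same key rather than NameServer.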

#15
Rickles

Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 629 posts
Hi Render,

The settings requested are:

Preferred DNS Server: 202.43.229.12

Alternate DNS Server: 202.43.226.12

No redirects in the last 24 hours!

A buddy of mine said that he had the same problem starting from downloading and installing Ashampoo software. Like me, he unchecked the box for their toolbar, which uses Conduit Engine, but it installed itself anyway.

Any tie-in with my computer's problem? I have uninstalled the programs I had and then followed it up with Auslogics Registry Cleaner and ATF Cleaner.

Regards
  • 0
