Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to use Windows Update since Dec 10!


  • This topic is locked This topic is locked

#1
Richard Ingham

Richard Ingham

    Member

  • Member
  • PipPip
  • 23 posts
I am writing on behalf of my father-in-law who has been unable to perform a Windows Update since December 2010, the last install being 27/11/10. He is running Norton 360 Premier Edition which seems fine, but when you click on Windows Update it starts the green bar across the screen but never finds anything no matter how long you leave it searching. Im guessing it cannot connect. A google search led me to this forum, please help guys. I'll try and follow your instructions as quickly as possible but it might take me a few days to follow your commands. Alladvice very gratefully recieved.
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi and welcome to Geeks to Go. :)

A few questions for your good self as follows...

1 - Any reason particular reason your father-in-law did not join the forum himself and request assistance?

2 - Does the machine in question have Internet access, as in can it be connected online?

3 - Which Operating System is in use on the machine?

Answer the above please and we will go from there, thank you.
  • 0

#3
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
1) He is very easily confused and not the most computer literate, he probably wouldnt even be able to follow the very straight forward and helpful advice you guys provide. He gets confused adding an attachment to an email for example.

2)Yes it is internet connected.

3) Vista Premier Home Edition.


Thanks for the reply.
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

1) He is very easily confused and not the most computer literate, he probably wouldnt even be able to follow the very straight forward and helpful advice you guys provide. He gets confused adding an attachment to an email for example.

OK, fair play and not a problem at all I assure you.

Thanks for the reply.

You're welcome!

The below pertains to your father-in-law's machine, as instructions to be carried out on it etc...Please take note of the below:

  • I will start working on the Malware issues, this may or may not, solve other issues you have with the machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your father-in-law's computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your father-in-law's computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Scan with OTL:

Please download OTL and save it to the Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#5
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Dakeyras,

It seems ok, nothing unusual happening that I can tell. Emails are still sending and receiving and web browsing seems fine.

OTL logfile created on: 17/08/2011 20:11:41 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\David Elliott\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.76 Mb Total Physical Memory | 109.20 Mb Available Physical Memory | 12.22% Memory free
2.00 Gb Paging File | 0.79 Gb Available in Paging File | 39.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.43 Gb Total Space | 84.62 Gb Free Space | 60.69% Space Free | Partition Type: NTFS
Drive D: | 9.62 Gb Total Space | 3.90 Gb Free Space | 40.51% Space Free | Partition Type: NTFS

Computer Name: DAVIDELLIOTT-PC | User Name: David Elliott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\David Elliott\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\p2phost.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\ModPS2Key.exe (Chicony)
PRC - C:\Windows\zHotkey.exe ()
PRC - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\zHotkey.exe ()


========== Win32 Services (SafeList) ==========

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (N360) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxcy_device) -- C:\Windows\System32\lxcycoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110817.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110817.002\NAVENG.SYS (Symantec Corporation)
DRV - (RapportCerberus_29574) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ()
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110816.030\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110812.001\BHDrvx86.sys (Symantec Corporation)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (stppp) -- C:\Windows\System32\drivers\stppp.sys (THOMSON Telecom Belgium)
DRV - (ST330) -- C:\Windows\System32\drivers\st330.sys (THOMSON Telecom Belgium)
DRV - (STBUS) -- C:\Windows\System32\drivers\stbus.sys (THOMSON Telecom Belgium)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=E4252


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=E4252
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.instituteofcarpenters.com/
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2011/07/21 03:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6 [2011/08/17 19:38:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 10:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 20:08:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/17 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/17 20:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/09 21:42:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/09 19:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/08/09 18:26:33 | 000,000,000 | ---D | C] -- C:\Users\David Elliott\AppData\Roaming\Sammsoft
[2011/08/09 18:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2011
[2011/08/09 18:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/07/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\David Elliott\AppData\Local\Solid State Networks
[2009/06/07 22:19:02 | 000,106,496 | ---- | C] ( ) -- C:\Windows\System32\VM_1.dll
[2006/02/20 20:44:44 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxcyserv.dll
[2006/02/20 20:36:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcycomm.dll
[2006/02/20 20:35:54 | 000,385,024 | ---- | C] ( ) -- C:\Windows\System32\lxcycfg.exe
[2006/02/20 20:24:42 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lxcyih.exe
[2006/02/20 20:24:30 | 000,536,576 | ---- | C] ( ) -- C:\Windows\System32\lxcylmpm.dll
[2006/02/20 20:23:16 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcypplc.dll
[2006/02/20 20:23:08 | 000,495,616 | ---- | C] ( ) -- C:\Windows\System32\lxcycoms.exe
[2006/02/20 20:22:16 | 000,610,304 | ---- | C] ( ) -- C:\Windows\System32\lxcycomc.dll
[2006/02/20 20:21:22 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcyprox.dll
[2006/02/20 20:21:12 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcyhbn3.dll
[2006/02/20 20:15:16 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcyusb1.dll
[2006/02/20 20:06:52 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxcyiesc.dll
[2006/02/20 20:03:02 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxcyinpa.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David Elliott\Desktop\Documents\*.tmp files -> C:\Users\David Elliott\Desktop\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 20:07:50 | 000,000,913 | ---- | M] () -- C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/17 20:07:43 | 000,000,733 | ---- | M] () -- C:\Users\David Elliott\Desktop\NTREGOPT.lnk
[2011/08/17 20:07:43 | 000,000,714 | ---- | M] () -- C:\Users\David Elliott\Desktop\ERUNT.lnk
[2011/08/17 19:37:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 19:37:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 19:37:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 19:37:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 19:37:08 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 14:25:07 | 000,106,136 | ---- | M] () -- C:\Users\David Elliott\Desktop\Documents\Fw_ IOC Structure Chart.eml
[2011/08/10 20:07:07 | 000,001,653 | ---- | M] () -- C:\Users\David Elliott\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/08/10 20:07:05 | 000,001,647 | ---- | M] () -- C:\Users\David Elliott\Desktop\Check PC For Errors.lnk
[2011/08/06 13:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/06 12:42:20 | 000,000,004 | ---- | M] () -- C:\Users\David Elliott\AppData\Roaming\wklnhst.dat
[2011/08/06 11:34:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/05 20:48:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David Elliott\Desktop\Documents\*.tmp files -> C:\Users\David Elliott\Desktop\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 20:07:50 | 000,000,913 | ---- | C] () -- C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/17 20:07:43 | 000,000,733 | ---- | C] () -- C:\Users\David Elliott\Desktop\NTREGOPT.lnk
[2011/08/17 20:07:42 | 000,000,714 | ---- | C] () -- C:\Users\David Elliott\Desktop\ERUNT.lnk
[2011/08/16 14:25:05 | 000,106,136 | ---- | C] () -- C:\Users\David Elliott\Desktop\Documents\Fw_ IOC Structure Chart.eml
[2011/08/10 20:07:05 | 000,001,653 | ---- | C] () -- C:\Users\David Elliott\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/08/10 20:07:05 | 000,001,647 | ---- | C] () -- C:\Users\David Elliott\Desktop\Check PC For Errors.lnk
[2011/08/05 20:48:24 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/05 20:48:24 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/20 10:51:38 | 000,001,940 | ---- | C] () -- C:\Users\David Elliott\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/01/08 19:10:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/08 19:10:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/17 22:48:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/13 14:50:27 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008/01/26 20:11:11 | 000,000,004 | ---- | C] () -- C:\Users\David Elliott\AppData\Roaming\wklnhst.dat
[2008/01/16 10:21:27 | 000,026,340 | ---- | C] () -- C:\Users\David Elliott\AppData\Roaming\UserTile.png
[2007/12/29 14:11:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/12/29 14:11:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/12/29 14:11:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/12/29 14:11:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/12/29 14:11:24 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/12/29 14:11:24 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/12/29 14:11:24 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/12/29 14:11:24 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/12/29 14:11:24 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/12/29 14:11:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/12/29 14:11:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2007/12/29 14:11:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/12/29 14:11:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/12/29 14:11:24 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/12/29 14:11:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/12/29 14:11:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/12/29 14:11:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2007/12/29 14:11:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2007/12/29 14:11:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/12/27 14:39:38 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2007/12/27 14:24:29 | 000,303,104 | ---- | C] () -- C:\Windows\System32\lxcycoin.dll
[2007/12/27 14:17:42 | 000,018,944 | ---- | C] () -- C:\Users\David Elliott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/06 11:03:48 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/09/06 11:03:48 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/09/06 11:03:48 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/09/06 11:03:48 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 22:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 18:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,599,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,448 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/12 01:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/01/25 23:11:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcycnv4.dll
[2006/01/25 17:05:24 | 000,684,032 | ---- | C] () -- C:\Windows\System32\lxcydrs.dll
[2006/01/23 07:47:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcycaps.dll
[2005/07/08 09:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcyvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 933 bytes -> C:\Users\David Elliott\Desktop\Documents\Order Id_OWW01342380.eml:OECustomProperty
@Alternate Data Stream - 817 bytes -> C:\Users\David Elliott\Desktop\Documents\Fw_ IOC Structure Chart.eml:OECustomProperty
@Alternate Data Stream - 764 bytes -> C:\Users\David Elliott\Desktop\Documents\an irish blessing.eml:OECustomProperty

< End of report >
  • 0

#6
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
And here is the second file as requested.

OTL Extras logfile created on: 17/08/2011 20:11:41 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\David Elliott\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.76 Mb Total Physical Memory | 109.20 Mb Available Physical Memory | 12.22% Memory free
2.00 Gb Paging File | 0.79 Gb Available in Paging File | 39.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.43 Gb Total Space | 84.62 Gb Free Space | 60.69% Space Free | Partition Type: NTFS
Drive D: | 9.62 Gb Total Space | 3.90 Gb Free Space | 40.51% Space Free | Partition Type: NTFS

Computer Name: DAVIDELLIOTT-PC | User Name: David Elliott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{122C7CB9-5497-46CF-A400-57E8BFF5A47D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{1680252D-BAEA-467C-83B9-BB47C87B0AA9}" = rport=5357 | protocol=6 | dir=out | app=system |
"{1CC8E6DD-332D-4F72-81D1-3C1E5E4093D7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{1DFA91AF-F62E-4292-A328-25B4AD6917E6}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{2F1FFBAB-EC76-4C1C-8BE3-0E22A18C5DEC}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{31184B71-0508-42FF-8E9A-5799A35E17A3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{32A32F08-D1F7-4165-BE7D-89AF7109E2E4}" = lport=5358 | protocol=6 | dir=in | app=system |
"{350A6031-8B69-4CA3-93F0-961019A2F2C6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{405620F0-C48C-4582-94D3-C50EC305828B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{4D585361-E192-4B2A-A89B-4C4FA1D5EDE3}" = rport=5358 | protocol=6 | dir=out | app=system |
"{526334A2-CA79-4C36-9C7E-4281A64C4452}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{57272FC7-3E15-42DF-8178-B836DC1EE8C6}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{6EB16010-4362-410E-92D0-E6FBFADEFD74}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{77F9EECD-B0BF-4D91-A27B-FCFD97F8C01B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8EE89A32-AEE2-47A2-8CA9-2705B7901407}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{904A9E4D-A611-4BD7-B50F-09C8228349AB}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{9DABE184-C070-4088-9E22-4351A40A5A32}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{A12ABEE1-402A-4D11-A500-766A0D3D192F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A2D6A863-5DE6-49A5-BBAD-357C250C2B57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A52E4834-823F-4BFD-B7CD-09B9E5DB9559}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A9A52991-CDD7-49FA-8450-2AC4B968DB1F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{AD0992B7-FA67-4E97-90AB-F2F0BDD65BE0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{BCA25116-8492-43A5-B531-E4B722C6B431}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{BCE0B381-BBD9-459A-8879-312A27FDA9A8}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C36706F0-0DDE-4707-8DFF-FB039EDD0E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C547BA76-FAD5-40D6-98ED-7D7BF08CCE43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D98CBC81-AC79-4605-8131-68273C1526F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF90D1C9-D5F1-4AB9-A7CB-444F44FD14FF}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079F723E-B76D-4FCE-A648-3BC99395218A}" = protocol=6 | dir=in | app=c:\program files\thomson\st330\service\st330service.exe |
"{21FC66FF-704B-4E2E-BED9-D0EF136EA6D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{25A2B1B8-AE64-49CA-AFBA-D7058EC9AF7B}" = protocol=17 | dir=in | app=c:\users\david elliott\appdata\local\temp\installer.exe |
"{40F97B99-612C-452C-8A43-AEA6CB29AF4D}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{529B733D-6FDA-4D97-94C5-F070DD637F57}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{594B558A-407F-471C-9194-5F52B8470906}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{68FAD6EF-3113-4F3D-8E27-4C85DFFC5D4A}" = protocol=17 | dir=in | app=c:\program files\thomson\st330\service\st330service.exe |
"{6D8DABC4-8480-404C-A2BF-1D8D73111623}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{6EE66DAD-C519-4AD5-9052-E15E37B4DCD4}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{75DEED11-602F-455C-8268-0EBB4756962E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{902E6F62-A597-415C-89FC-FF3AA2E2FF94}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{95E8CB26-2952-4A9E-85DD-41C3C6C7583E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{980F5BEB-9C54-4FA8-A862-D8DD0C5F5AC1}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{BA6FA50D-671F-4CF1-8248-E8C3FEC13BE0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{BC2301D1-C883-455B-9D8E-389D6E654E58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C36233BE-5059-453F-8C98-F4A36E610A4B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C57F7E98-14F5-47A1-9110-53093F051231}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D550BCFA-D684-4CFE-92AA-4C1F064C2E94}" = protocol=6 | dir=in | app=c:\users\david elliott\appdata\local\temp\installer.exe |
"{D6B048AF-024C-4C57-9ED9-0139D75D733D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D7CC035C-2DC4-4D9E-B27E-79DF93D45EB4}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{DC54BFD0-22B2-4CE8-B7A3-E5D186CCE734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F1995048-EAAE-4FBC-844C-D3EA6F2130D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F3BFE204-FD28-4232-965B-B7130B727CBF}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{FF761BB1-CF16-4582-A2AB-D9BFA6501D29}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"TCP Query User{398BA877-986B-4A23-B4FA-C3DDBFBB0779}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{FB5ACFED-3DF3-40F2-852E-8D503BC8667D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"UDP Query User{1FCE1C33-9D18-4B53-BA5A-E1DF0983D6AF}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{F8541B43-2B17-4661-B07C-5182864AB68C}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7CEA10-4694-4FC3-B761-9DBFD50B8F2A}" = Client Settings Tool
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ARO 2011_is1" = ARO 2011
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Manual
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"N360" = Norton 360 Premier Edition
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/08/2010 07:43:57 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:43:58 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:45:06 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:45:07 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:45:16 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:45:17 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:45:18 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:45:19 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:46:52 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2010 07:46:52 | Computer Name = DavidElliott-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 13/07/2010 04:07:07 | Computer Name = DavidElliott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 168
seconds with 120 seconds of active time. This session ended with a crash.

Error - 06/08/2010 06:31:26 | Computer Name = DavidElliott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 460
seconds with 420 seconds of active time. This session ended with a crash.

Error - 16/08/2011 09:28:44 | Computer Name = DavidElliott-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/08/2011 15:18:02 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:18:32 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:19:02 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:19:32 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:20:03 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:20:33 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:21:03 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:21:36 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:22:06 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17/08/2011 15:22:36 | Computer Name = DavidElliott-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
  • 0

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

It seems ok, nothing unusual happening that I can tell. Emails are still sending and receiving and web browsing seems fine.

OK and thanks for the update.

Please move the executable for OTL to the desktop, it is currently residing here:-

C:\Users\David Elliott\Downloads\OTL.exe

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK

firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select Off(not recommended) >> Apply >> OK.

Note: No need for it to be active after the reset because the installed Norton 360 Premier Edition has a firewall component.

Advised Optional Advice:

Windows Defender at present is active in system memory and there is a chance it will cause a conflict with the installed Norton 360 Premier Edition.

Plus the possibility it may lesson overall online protection. Also it will hinder the actual Malware Removal process.

However it cannot be uninstalled because it is a integral part of the Vista operating system.

My best advice would be to disable this completely. A graphical tutorial explaining how to correctly can be viewed here and or follow the instructions below.

  • Launch Windows Defender and go to Tools >> Options.
  • There will be a list of configuration options.
  • Scroll down to the end of the list to Administrator options.
  • Deselect the Use Windows Defender box and press the Save button.
  • Now you will receive a notification saying that Windows Defender is turned off.
  • Click on Save then Close on the Notification that appears.
Next:

Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

ARO 2011 <-- Registry cleaning applications do little good and have the capicity to render a machine little more than a expensive doorstop!
Browser Address Error Redirector <-- Has undesirable characteristics.
Java™ SE Runtime Environment 6 Update 1 <-- We will update this in due course.
Rapport <-- Is causing a security conflict with Norton 360 Premier Edition.

To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
IE - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O15 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1370036104-811610254-1484745332-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
[2011/08/09 18:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David Elliott\Desktop\Documents\*.tmp files -> C:\Users\David Elliott\Desktop\Documents\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click on mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
Note: The feel trial offered for the Protection Module is optional. Though I advise activate this when we've finished, if you so wish.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Do you still require assistance?

I appreciate the circumstances but I cannot leave this topic open indefinitely. :)
  • 0

#9
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry I have been away and havent had chance to get around to my f-i-l's to respond to your last reply. I will be there on Friday to sort it so please leave this open.
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
OK fair play and thank you for the clarification. :)
  • 0

Advertisements


#11
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ok I think we are getting there. I wasnt sure about how to create the shortcut for OTL on the desktop but I think it has worked.

Apart from the stuff that is normally at the bottom now appearing on the right hand side of the screen and stubbornly refusing to move everything seems fine.

OTL Log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1370036104-811610254-1484745332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
C:\Windows\System32\BAE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Launcher deleted successfully.
C:\Windows\SMINST\Launcher.exe moved successfully.
C:\Users\David Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk moved successfully.
C:\Program Files\ERUNT\AUTOBACK.EXE moved successfully.
Registry key HKEY_USERS\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1370036104-811610254-1484745332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}
C:\Windows\Downloaded Program Files\tb_download.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Folder C:\Program Files\ARO 2011\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\David Elliott\Desktop\Documents\~WRL0003.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\David Elliott\Downloads\cmd.bat deleted successfully.
C:\Users\David Elliott\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: David Elliott
->Flash cache emptied: 7692 bytes

User: Default
->Flash cache emptied: 56466 bytes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7576

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

26/08/2011 12:38:03
mbam-log-2011-08-26 (12-38-03).txt

Scan type: Quick scan
Objects scanned: 159193
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)
  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

ok I think we are getting there. I wasnt sure about how to create the shortcut for OTL on the desktop but I think it has worked.

For future reference to move a file/or folder with Vista:-

Click once on the file to highlight >> click on the Alt key >> Edit >> Move To Folder... >> click on/navigate to the new location you wish to move the file/folder to >> click on Move

Apart from the stuff that is normally at the bottom now appearing on the right hand side of the screen and stubbornly refusing to move

If you mean the taskbar, try hovering the mouse over the edge and dragging back into position etc.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#13
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
However much I try to drag the toolbar it will not budge.



The only logfile I could find was this:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

There is no log file saved as C:\Program Files\ESET\EsetOnlineScanner\log.txt.

The scan took over 2 hours and scanned something like 170,000files!!!
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

However much I try to drag the toolbar it will not budge.

OK try clicking within a unused area of the toolbar and then you should be able to drag it back into position.

The only logfile I could find was this:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

There is no log file saved as C:\Program Files\ESET\EsetOnlineScanner\log.txt.

The scan took over 2 hours and scanned something like 170,000files!!!

Was anything at all detected by the scan? With regard to the amount of files scanned that would vary from machine to machine as any one computer is different due to the software installed for example.
  • 0

#15
Richard Ingham

Richard Ingham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
We have tried all over the toolbar, next to and well away from the icons, nothing will get it to move.

No, the scan did not find anything.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP