Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Firefox not responding, pages hanging,unable to start antivirus [Close


  • This topic is locked This topic is locked

#1
saltash

saltash

    Member

  • Member
  • PipPip
  • 55 posts
Hi any help is greatly appreciated.
I am running windows xp with firefox as my browser. I keep getting " not responding " messages, also pages hang and take ages to load. I have Panda Cloud anti virus which for some reason will not start.
I have attached my OTL logs and look forward to hearing from you.
Thanks in advance
OTL logfile created on: 05/02/2012 16:29:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.USER-BCBE98E29B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.53 Mb Total Physical Memory | 25.24 Mb Available Physical Memory | 9.88% Memory free
618.97 Mb Paging File | 100.09 Mb Available in Paging File | 16.17% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.80 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-BCBE98E29B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 16:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\OTL.exe
PRC - [2012/02/05 06:03:47 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/01/10 19:26:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/06 10:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/08/18 21:36:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/07 13:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/04/14 11:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/05 06:05:28 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/02/05 06:05:28 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/12 19:31:18 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/10 19:26:39 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/04 21:08:49 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/04 21:08:42 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/08/18 21:36:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)


========== Driver Services (SafeList) ==========

DRV - [2011/08/01 11:23:20 | 000,143,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/28 13:57:57 | 000,112,456 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:38 | 000,129,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2011/03/02 11:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 08:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 07:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 09:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 07:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 07:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/26 15:22:48 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce™
DRV - [2003/08/07 16:42:30 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
DRV - [2001/12/17 11:25:58 | 000,015,417 | R--- | M] (Scientific Atlanta) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WebSTAR.sys -- (WebSTARNdis)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 19:26:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 09:17:50 | 000,000,000 | ---D | M]

[2012/01/03 21:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Extensions
[2012/01/07 08:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions
[2011/12/03 23:02:56 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/12/03 23:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/12/03 23:02:53 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\searchplugins\Search_Results.xml
[2012/01/03 21:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-BCBE98E29B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L34NQ7FM.DEFAULT\EXTENSIONS\{1CED4832-F06E-413F-AA14-9EB63AD40ACE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-BCBE98E29B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L34NQ7FM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-BCBE98E29B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L34NQ7FM.DEFAULT\EXTENSIONS\[email protected]
[2012/01/10 19:26:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 15:53:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/10 19:26:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/10 19:26:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/21 02:06:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD53D902-2763-4B83-B3C7-1EC5960E0516}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msencarta {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\MSREF.DLL ()
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\MSREF.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/22 11:38:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/05/31 11:02:06 | 000,000,055 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2000/11/30 01:36:42 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 16:27:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\OTL.exe
[2012/02/04 19:46:39 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/03 16:27:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.USER-BCBE98E29B\Recent

========== Files - Modified Within 30 Days ==========

[2012/02/05 16:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\OTL.exe
[2012/02/04 22:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/04 22:46:54 | 268,013,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 20:03:12 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2012/02/04 17:55:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/31 22:21:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 22:54:56 | 000,516,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 22:54:56 | 000,092,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/01/31 22:21:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/03 22:58:57 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/09/22 21:50:39 | 000,000,112 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/12 10:40:55 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 18:30:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/23 12:56:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/12/04 14:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avoffice.INI
[2010/12/04 13:04:39 | 000,000,111 | ---- | C] () -- C:\WINDOWS\magix.ini
[2010/12/04 12:30:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/29 17:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/22 11:40:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/22 11:35:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/22 11:24:58 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/11/22 11:24:58 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/11/22 11:24:58 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/11/22 11:24:58 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/11/22 11:18:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/22 10:42:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/11/22 10:42:08 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/11/22 10:42:02 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/11/22 10:15:49 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 11:00:00 | 000,516,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 11:00:00 | 000,092,398 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/10 11:09:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/10 10:09:53 | 000,000,160 | ---- | C] () -- C:\WINDOWS\oeminfo.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/08/07 16:42:30 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2000/08/15 15:16:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[2000/08/15 15:16:00 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
[2000/08/07 13:42:52 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL

========== LOP Check ==========

[2011/08/04 20:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/23 09:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/03 16:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/10 18:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/12/31 12:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2011/01/30 12:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/12/03 22:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/02/04 22:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/11 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/03 21:43:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2011/05/30 10:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\CyberMatrix
[2011/05/27 16:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\GetRightToGo
[2011/12/04 18:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Panda Security
[2011/12/07 20:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\pandasecuritytb
[2011/05/20 17:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\PCToolsFirewallPlus
[2011/05/20 19:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Windows Desktop Search
[2011/05/20 19:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Windows Search

========== Purity Check ==========


OTL Extras logfile created on: 05/02/2012 16:29:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.USER-BCBE98E29B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.53 Mb Total Physical Memory | 25.24 Mb Available Physical Memory | 9.88% Memory free
618.97 Mb Paging File | 100.09 Mb Available in Paging File | 16.17% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.80 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-BCBE98E29B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{02400202-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta World Atlas 2001 - WE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D719053-5593-11D3-8F25-0060085C1758}" = Microsoft AutoRoute 2001
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ESET Online Scanner" = ESET Online Scanner v3
"FoneSync" = FoneSync
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"ie8" = Windows Internet Explorer 8
"MAGIX @udio & video office OEM" = MAGIX @udio & video office OEM
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"Recuva" = Recuva
"SB_ClipboardPath" = ClipboardPath
"Shockwave" = Shockwave
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSTAR Uninstall" = WebSTAR DPX USB Cable Modem Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2011 17:03:08 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/11/2011 17:06:42 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 23/11/2011 05:43:32 | Computer Name = USER-BCBE98E29B | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 05/12/2011 17:00:09 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{1C58D052-1739-48F5-BF3F-DB461BED6297}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_B.Log.

Error - 05/12/2011 17:00:10 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{B35E8B29-555F-4E2E-9DB2-D107A525F136}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_C.Log.

Error - 11/01/2012 14:53:15 | Computer Name = USER-BCBE98E29B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ Application Events ]
Error - 02/11/2011 17:03:08 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/11/2011 17:06:42 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 23/11/2011 05:43:32 | Computer Name = USER-BCBE98E29B | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 05/12/2011 17:00:09 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{1C58D052-1739-48F5-BF3F-DB461BED6297}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_B.Log.

Error - 05/12/2011 17:00:10 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{B35E8B29-555F-4E2E-9DB2-D107A525F136}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_C.Log.

Error - 11/01/2012 14:53:15 | Computer Name = USER-BCBE98E29B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ Application Events ]
Error - 02/11/2011 17:03:08 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/11/2011 17:06:42 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 23/11/2011 05:43:32 | Computer Name = USER-BCBE98E29B | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 05/12/2011 17:00:09 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{1C58D052-1739-48F5-BF3F-DB461BED6297}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_B.Log.

Error - 05/12/2011 17:00:10 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{B35E8B29-555F-4E2E-9DB2-D107A525F136}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_C.Log.

Error - 11/01/2012 14:53:15 | Computer Name = USER-BCBE98E29B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 04/02/2012 17:10:16 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 04/02/2012 17:10:16 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 04/02/2012 17:10:16 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 04/02/2012 17:10:48 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

Error - 04/02/2012 18:43:25 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7034
Description = The Panda Cloud Antivirus Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 04/02/2012 18:48:57 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

[ System Events ]
Error - 04/02/2012 17:10:16 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 04/02/2012 17:10:16 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 04/02/2012 17:10:16 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 04/02/2012 17:10:48 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

Error - 04/02/2012 18:43:25 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7034
Description = The Panda Cloud Antivirus Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 04/02/2012 18:48:13 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 04/02/2012 18:48:57 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb


< End of report >
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, saltash! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image


Step 3.

Please post:

OTL.txt
Extras.txt
aswMBR log


Give me any updates on issues with your computer
  • 0

#3
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi CompCav firstly may I thank you for your assistance. Since I posted my problem I have uninstalled Panda Cloud Anti Virus and installed Avast which seems to be working fine.
I ran OTL twice with the items you asked to be scanned and each time it only gave me one set of logs (OTL Notepad) there wasn't a log of Extras Txt ?????.
The computer has been behaving very erratically with programmes hanging and me having to close the pc manually.
Here are the logs requested.
OTL logfile created on: 06/02/2012 21:08:47 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.USER-BCBE98E29B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.53 Mb Total Physical Memory | 65.89 Mb Available Physical Memory | 25.79% Memory free
618.91 Mb Paging File | 281.30 Mb Available in Paging File | 45.45% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.31 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-BCBE98E29B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 16:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\OTL.exe
PRC - [2011/12/06 10:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/18 21:36:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/07 13:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/04/14 11:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/06 19:19:14 | 001,690,112 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020601\algo.dll
MOD - [2012/02/06 09:09:01 | 001,689,600 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020600\algo.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/18 21:36:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 17:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/02 11:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 08:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 07:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 09:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 07:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 07:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/26 15:22:48 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce™
DRV - [2003/08/07 16:42:30 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
DRV - [2001/12/17 11:25:58 | 000,015,417 | R--- | M] (Scientific Atlanta) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WebSTAR.sys -- (WebSTARNdis)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/05 17:54:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 19:26:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 09:17:50 | 000,000,000 | ---D | M]

[2012/01/03 21:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Extensions
[2012/01/07 08:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions
[2011/12/03 23:02:56 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/12/03 23:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/12/03 23:02:53 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\searchplugins\Search_Results.xml
[2012/01/03 21:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-BCBE98E29B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L34NQ7FM.DEFAULT\EXTENSIONS\{1CED4832-F06E-413F-AA14-9EB63AD40ACE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-BCBE98E29B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L34NQ7FM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-BCBE98E29B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L34NQ7FM.DEFAULT\EXTENSIONS\[email protected]
[2012/01/10 19:26:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 15:53:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/10 19:26:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/10 19:26:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/11/21 02:06:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD53D902-2763-4B83-B3C7-1EC5960E0516}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msencarta {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\MSREF.DLL ()
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\MSREF.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/22 11:38:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/05/31 11:02:06 | 000,000,055 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2000/11/30 01:36:42 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 18:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/02/05 18:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/05 18:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Google
[2012/02/05 18:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/02/05 18:00:31 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/02/05 18:00:30 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/02/05 18:00:20 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/02/05 18:00:19 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/02/05 18:00:15 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/05 18:00:13 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/02/05 18:00:13 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/02/05 18:00:11 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/05 17:53:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/05 17:53:41 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/02/05 17:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/05 17:24:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/05 16:27:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\OTL.exe
[2012/02/04 19:46:39 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/03 16:27:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.USER-BCBE98E29B\Recent

========== Files - Modified Within 30 Days ==========

[2012/02/06 21:19:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 20:47:44 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 20:46:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/06 20:46:47 | 268,013,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 18:30:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 18:36:37 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 18:10:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/05 18:00:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/02/05 18:00:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/05 16:28:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\OTL.exe
[2012/01/31 22:21:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 19:31:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/10 22:54:56 | 000,516,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 22:54:56 | 000,092,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/02/05 18:10:41 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 18:10:40 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/05 18:02:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 18:02:29 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 18:00:52 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/31 22:21:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/22 21:50:39 | 000,000,112 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/12 10:40:55 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 18:30:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/23 12:56:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/12/04 14:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avoffice.INI
[2010/12/04 13:04:39 | 000,000,111 | ---- | C] () -- C:\WINDOWS\magix.ini
[2010/12/04 12:30:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/29 17:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/22 11:40:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/22 11:35:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/22 11:24:58 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/11/22 11:24:58 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/11/22 11:24:58 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/11/22 11:24:58 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/11/22 11:18:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/22 10:42:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/11/22 10:42:08 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/11/22 10:42:02 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/11/22 10:15:49 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 11:00:00 | 000,516,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 11:00:00 | 000,092,398 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/10 11:09:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/10 10:09:53 | 000,000,160 | ---- | C] () -- C:\WINDOWS\oeminfo.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/08/07 16:42:30 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2000/08/15 15:16:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[2000/08/15 15:16:00 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
[2000/08/07 13:42:52 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >
[2012/01/03 21:42:38 | 000,000,000 | ---D | M] -- c:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Ilivid Player
[2012/01/03 21:25:04 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
[2012/01/03 21:23:03 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr


< MD5 for: EXPLORER.EXE >
[2008/04/14 11:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 11:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 11:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 11:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 11:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 11:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 11:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 11:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0BB1DDA3-9BCA-4DB7-BD79-D401393FC1FB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4B7AC461-6E4F-41E6-B494-79040386D61A}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{721AC912-B5C9-40D8-B4EA-A23375B8270E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AD53D902-2763-4B83-B3C7-1EC5960E0516}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{D5A17C1C-D7A2-405B-99E8-93F182C420D4}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 11:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2008/04/14 11:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 21:46:00
-----------------------------
21:46:00.671 OS Version: Windows 5.1.2600 Service Pack 3
21:46:00.671 Number of processors: 1 586 0x204
21:46:00.687 ComputerName: USER-BCBE98E29B UserName: User
21:47:53.578 Initialize success
21:47:57.859 AVAST engine defs: 12020601
21:49:31.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:49:31.609 Disk 0 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
21:49:31.640 Disk 0 MBR read successfully
21:49:31.640 Disk 0 MBR scan
21:49:31.953 Disk 0 Windows XP default MBR code
21:49:31.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
21:49:32.046 Disk 0 scanning sectors +78140160
21:49:32.437 Disk 0 scanning C:\WINDOWS\system32\drivers
21:50:02.437 Service scanning
21:50:09.078 Modules scanning
21:51:34.921 Disk 0 trace - called modules:
21:51:35.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
21:51:35.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82784030]
21:51:35.078 3 CLASSPNP.SYS[f99f1fd7] -> nt!IofCallDriver -> \Device\0000005f[0x82786f18]
21:51:35.078 5 ACPI.sys[f9968620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x827d24e0]
21:51:39.234 AVAST engine scan C:\WINDOWS
21:51:57.218 AVAST engine scan C:\WINDOWS\system32
21:59:10.265 AVAST engine scan C:\WINDOWS\system32\drivers
21:59:32.906 AVAST engine scan C:\Documents and Settings\User.USER-BCBE98E29B
22:07:47.953 AVAST engine scan C:\Documents and Settings\All Users
22:09:26.093 Scan finished successfully
22:15:35.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\MBR.dat"
22:15:36.375 The log file has been saved successfully to "C:\Documents and Settings\User.USER-BCBE98E29B\Desktop\aswMBR.txt"
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK please re run OTL.

This time click all users

And under Extra Registry place a dot next to Use SafeList
Then click Scan

Two logs will be produced, OTL.txt and Extras.txt
Please post the Extras.txt only
  • 0

#5
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi CompCav I did as you suggested but still not getting an Extras log. I tried 3 times and it only gives me OTL.Txt. Notepad.
The computer is behaving really erratically with multiple windows opening but not being able to close them. Pages take ages to load ,its slower than dial up speed at the moment.
Any suggestions please?
  • 0

#6
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi CompCav I tried again and this time it worked, so as requested.
OTL Extras logfile created on: 07/02/2012 21:33:19 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.USER-BCBE98E29B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.53 Mb Total Physical Memory | 52.47 Mb Available Physical Memory | 20.53% Memory free
618.91 Mb Paging File | 315.39 Mb Available in Paging File | 50.96% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.24 Gb Free Space | 48.96% Space Free | Partition Type: NTFS
Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-BCBE98E29B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1409082233-1417001333-1644491937-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{02400202-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta World Atlas 2001 - WE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D719053-5593-11D3-8F25-0060085C1758}" = Microsoft AutoRoute 2001
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"FoneSync" = FoneSync
"Google Chrome" = Google Chrome
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"ie8" = Windows Internet Explorer 8
"MAGIX @udio & video office OEM" = MAGIX @udio & video office OEM
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"Recuva" = Recuva
"SB_ClipboardPath" = ClipboardPath
"Shockwave" = Shockwave
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSTAR Uninstall" = WebSTAR DPX USB Cable Modem Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2011 17:03:08 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/11/2011 17:06:42 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 23/11/2011 05:43:32 | Computer Name = USER-BCBE98E29B | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 05/12/2011 17:00:09 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{1C58D052-1739-48F5-BF3F-DB461BED6297}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_B.Log.

Error - 05/12/2011 17:00:10 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{B35E8B29-555F-4E2E-9DB2-D107A525F136}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_C.Log.

Error - 11/01/2012 14:53:15 | Computer Name = USER-BCBE98E29B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ Application Events ]
Error - 02/11/2011 17:03:08 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/11/2011 17:06:42 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 23/11/2011 05:43:32 | Computer Name = USER-BCBE98E29B | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 05/12/2011 17:00:09 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{1C58D052-1739-48F5-BF3F-DB461BED6297}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_B.Log.

Error - 05/12/2011 17:00:10 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{B35E8B29-555F-4E2E-9DB2-D107A525F136}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_C.Log.

Error - 11/01/2012 14:53:15 | Computer Name = USER-BCBE98E29B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ Application Events ]
Error - 02/11/2011 17:03:08 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/11/2011 17:06:42 | Computer Name = USER-BCBE98E29B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 23/11/2011 05:43:32 | Computer Name = USER-BCBE98E29B | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 05/12/2011 17:00:09 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{1C58D052-1739-48F5-BF3F-DB461BED6297}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_B.Log.

Error - 05/12/2011 17:00:10 | Computer Name = USER-BCBE98E29B | Source = MsiInstaller | ID = 1023
Description = Product: Panda Cloud Antivirus - Update '{B35E8B29-555F-4E2E-9DB2-D107A525F136}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\WINDOWS\TEMP\PSLogs\Panda Cloud Antivirus_MSI_C.Log.

Error - 11/01/2012 14:53:15 | Computer Name = USER-BCBE98E29B | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 07/02/2012 14:38:43 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 07/02/2012 14:39:31 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

Error - 07/02/2012 16:21:19 | Computer Name = USER-BCBE98E29B | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'FWSettings.ini' on the volume 'HarddiskVolume1'. It
has stopped monitoring the volume.

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 07/02/2012 16:41:50 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

Error - 07/02/2012 16:42:25 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 07/02/2012 16:42:25 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

[ System Events ]
Error - 07/02/2012 14:38:43 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 07/02/2012 14:39:31 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

Error - 07/02/2012 16:21:19 | Computer Name = USER-BCBE98E29B | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'FWSettings.ini' on the volume 'HarddiskVolume1'. It
has stopped monitoring the volume.

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 07/02/2012 16:40:06 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 07/02/2012 16:41:50 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb

Error - 07/02/2012 16:42:25 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 07/02/2012 16:42:25 | Computer Name = USER-BCBE98E29B | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Please uninstall iLivid
Start >> Control Panel >> Add/Remove Programs. Select iLivid and uninstall it.

and

Your error log shows issues with Avira (due to incomplete uninstall that is typical of many if not all antivirus programs), we need to clean up Avira remnants from your system.
Please download the Avira registrycleaner here. to your desktop.
Run it and reboot before going to the next step.

Since you have uninstalled Panda Security and installed Avast! free. We need to address the leftovers for Panda as well.
Panda security is difficult to uninstall and when it is not completely off your machine it can cause problems like you are describing. After doing a standard uninstall from the control panel add/remove programs it is necessary to clean it completely off your computer.
Therefore we need to run the uninstaller on this page.
You will see the file, uninstaller.exe to download and run. You will need to watch the short video to make sure you understand all the steps numbered 1 to 6.


Step 2.

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it this fix hangs again, then completely uninstall MalwareBytes' and run the fix again.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    PRC - [2011/12/06 10:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    [2011/12/03 23:02:56 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2011/12/03 23:02:53 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\searchplugins\Search_Results.xml
    [2011/06/17 15:53:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    [2012/01/03 21:42:38 | 000,000,000 | ---D | M] -- c:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Ilivid Player
    [2012/01/03 21:25:04 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
    [2012/01/03 21:23:03 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
    [2010/11/23 09:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = DWORD:2
    
    
    
    :Files
    C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    
    
    
    
    :Commands
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


Step 3.

Download TDSSKiller here and save to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4.

Posted ImagePlease download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 5.

Please download Farbar Service Scanner and run it on the computer with the issue.
Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 6.

Please post:

OTL fix log
TDSSKiller log
mbam log
FSS.txt


Please note any change in your computer in your next reply.
  • 0

#8
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi Compcav I have been doing as requested, I deleted iLivid weeks ago and there is no entry in "Add and Remove".
I uninstalled Avira but it was unable to remove 4 files.
I ran OTL as requested but I am unable to locate the log file, i have used "Search" but it came up with nothing after running for more than 20 minutes.
I ran Kaspersky TDSS killer which came up with 3 suspicious items.
As the PC is running so slowly (its taken nearly 4 hours to get to this stage) I will continue tomorrow.
Thanks for your assistance.
TDSS log22:30:17.0421 3228 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
22:30:19.0437 3228 ============================================================
22:30:19.0437 3228 Current date / time: 2012/02/08 22:30:19.0437
22:30:19.0437 3228 SystemInfo:
22:30:19.0437 3228
22:30:19.0437 3228 OS Version: 5.1.2600 ServicePack: 3.0
22:30:19.0437 3228 Product type: Workstation
22:30:19.0437 3228 ComputerName: USER-BCBE98E29B
22:30:19.0437 3228 UserName: User
22:30:19.0437 3228 Windows directory: C:\WINDOWS
22:30:19.0437 3228 System windows directory: C:\WINDOWS
22:30:19.0437 3228 Processor architecture: Intel x86
22:30:19.0437 3228 Number of processors: 1
22:30:19.0437 3228 Page size: 0x1000
22:30:19.0437 3228 Boot type: Normal boot
22:30:19.0437 3228 ============================================================
22:31:44.0671 3228 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:31:44.0984 3228 \Device\Harddisk0\DR0:
22:31:45.0015 3228 MBR used
22:31:45.0015 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
22:31:45.0281 3228 Initialize success
22:31:45.0281 3228 ============================================================
22:33:06.0500 3844 ============================================================
22:33:06.0515 3844 Scan started
22:33:06.0515 3844 Mode: Manual; SigCheck; TDLFS;
22:33:06.0515 3844 ============================================================
22:33:07.0718 3844 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:33:10.0578 3844 Aavmker4 - ok
22:33:10.0859 3844 Abiosdsk - ok
22:33:11.0031 3844 abp480n5 - ok
22:33:12.0812 3844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:16.0078 3844 ACPI - ok
22:33:16.0437 3844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:33:16.0671 3844 ACPIEC - ok
22:33:16.0890 3844 adpu160m - ok
22:33:17.0171 3844 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
22:33:17.0453 3844 aeaudio - ok
22:33:17.0828 3844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:33:18.0046 3844 aec - ok
22:33:18.0531 3844 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:33:18.0718 3844 AFD - ok
22:33:19.0093 3844 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:33:19.0312 3844 agp440 - ok
22:33:19.0500 3844 Aha154x - ok
22:33:19.0671 3844 aic78u2 - ok
22:33:19.0875 3844 aic78xx - ok
22:33:20.0078 3844 AliIde - ok
22:33:20.0234 3844 amsint - ok
22:33:20.0656 3844 asc - ok
22:33:20.0875 3844 asc3350p - ok
22:33:21.0078 3844 asc3550 - ok
22:33:21.0328 3844 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:33:21.0359 3844 aswFsBlk - ok
22:33:21.0734 3844 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
22:33:21.0796 3844 aswMon2 - ok
22:33:22.0062 3844 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
22:33:22.0093 3844 aswRdr - ok
22:33:22.0593 3844 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
22:33:22.0812 3844 aswSnx - ok
22:33:23.0109 3844 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
22:33:23.0234 3844 aswSP - ok
22:33:23.0625 3844 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
22:33:23.0656 3844 aswTdi - ok
22:33:23.0906 3844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:33:24.0140 3844 AsyncMac - ok
22:33:24.0531 3844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:33:24.0750 3844 atapi - ok
22:33:24.0937 3844 Atdisk - ok
22:33:25.0171 3844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:33:25.0421 3844 Atmarpc - ok
22:33:25.0843 3844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:33:26.0093 3844 audstub - ok
22:33:26.0609 3844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:33:26.0828 3844 Beep - ok
22:33:27.0125 3844 catchme - ok
22:33:27.0406 3844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:33:27.0859 3844 cbidf2k - ok
22:33:28.0140 3844 cd20xrnt - ok
22:33:28.0375 3844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:33:28.0578 3844 Cdaudio - ok
22:33:28.0921 3844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:33:29.0140 3844 Cdfs - ok
22:33:29.0640 3844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:33:29.0859 3844 Cdrom - ok
22:33:30.0140 3844 Changer - ok
22:33:30.0640 3844 CmdIde - ok
22:33:30.0906 3844 Cpqarray - ok
22:33:31.0109 3844 dac2w2k - ok
22:33:31.0265 3844 dac960nt - ok
22:33:32.0000 3844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:33:32.0281 3844 Disk - ok
22:33:32.0890 3844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:33:33.0500 3844 dmboot - ok
22:33:33.0906 3844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:33:34.0203 3844 dmio - ok
22:33:34.0593 3844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:33:34.0796 3844 dmload - ok
22:33:35.0062 3844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:33:35.0265 3844 DMusic - ok
22:33:35.0625 3844 dpti2o - ok
22:33:35.0859 3844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:33:36.0156 3844 drmkaud - ok
22:33:36.0531 3844 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:33:36.0593 3844 E100B - ok
22:33:37.0031 3844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:33:37.0328 3844 Fastfat - ok
22:33:37.0734 3844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:33:37.0968 3844 Fdc - ok
22:33:38.0375 3844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:33:38.0625 3844 Fips - ok
22:33:38.0890 3844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:33:39.0125 3844 Flpydisk - ok
22:33:39.0421 3844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:33:39.0718 3844 FltMgr - ok
22:33:40.0093 3844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:33:40.0312 3844 Fs_Rec - ok
22:33:40.0656 3844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:33:40.0921 3844 Ftdisk - ok
22:33:41.0296 3844 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:33:41.0546 3844 gameenum - ok
22:33:41.0984 3844 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:33:42.0078 3844 GEARAspiWDM - ok
22:33:42.0437 3844 genmcmnUSB (c791d0c9178baf98a5886175ffcda1bf) C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
22:33:42.0656 3844 genmcmnUSB - ok
22:33:43.0000 3844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:33:43.0234 3844 Gpc - ok
22:33:43.0734 3844 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:33:44.0000 3844 HidUsb - ok
22:33:44.0343 3844 hpn - ok
22:33:44.0625 3844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:33:44.0906 3844 HTTP - ok
22:33:45.0203 3844 i2omgmt - ok
22:33:45.0359 3844 i2omp - ok
22:33:45.0625 3844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:33:45.0890 3844 i8042prt - ok
22:33:46.0171 3844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:33:46.0437 3844 Imapi - ok
22:33:46.0718 3844 ini910u - ok
22:33:46.0984 3844 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:33:47.0187 3844 IntelIde - ok
22:33:47.0468 3844 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:33:47.0687 3844 intelppm - ok
22:33:48.0109 3844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:33:48.0359 3844 Ip6Fw - ok
22:33:48.0781 3844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:33:48.0968 3844 IpFilterDriver - ok
22:33:49.0390 3844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:33:49.0703 3844 IpInIp - ok
22:33:50.0187 3844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:33:50.0453 3844 IpNat - ok
22:33:50.0906 3844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:33:51.0125 3844 IPSec - ok
22:33:51.0500 3844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:33:51.0593 3844 IRENUM - ok
22:33:51.0812 3844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:33:52.0015 3844 isapnp - ok
22:33:52.0437 3844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:33:52.0656 3844 Kbdclass - ok
22:33:53.0015 3844 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:33:53.0234 3844 kbdhid - ok
22:33:53.0781 3844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:33:54.0093 3844 kmixer - ok
22:33:54.0500 3844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:33:55.0218 3844 KSecDD - ok
22:33:55.0546 3844 lbrtfdc - ok
22:33:56.0062 3844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:33:56.0296 3844 mnmdd - ok
22:33:56.0703 3844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:33:56.0968 3844 Modem - ok
22:33:57.0375 3844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:33:57.0593 3844 Mouclass - ok
22:33:57.0765 3844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:33:57.0984 3844 mouhid - ok
22:33:58.0250 3844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:33:58.0500 3844 MountMgr - ok
22:33:58.0843 3844 mraid35x - ok
22:33:59.0140 3844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:33:59.0437 3844 MRxDAV - ok
22:33:59.0937 3844 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:34:00.0265 3844 MRxSmb - ok
22:34:00.0671 3844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:34:00.0890 3844 Msfs - ok
22:34:01.0156 3844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:34:01.0390 3844 MSKSSRV - ok
22:34:01.0656 3844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:34:01.0890 3844 MSPCLOCK - ok
22:34:02.0296 3844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:34:02.0531 3844 MSPQM - ok
22:34:02.0921 3844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:34:03.0171 3844 mssmbios - ok
22:34:03.0578 3844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:34:03.0718 3844 Mup - ok
22:34:04.0156 3844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:34:04.0406 3844 NDIS - ok
22:34:04.0781 3844 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:34:04.0906 3844 NdisTapi - ok
22:34:05.0281 3844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:34:05.0484 3844 Ndisuio - ok
22:34:05.0859 3844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:34:06.0078 3844 NdisWan - ok
22:34:06.0375 3844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:34:06.0500 3844 NDProxy - ok
22:34:06.0875 3844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:34:07.0093 3844 NetBIOS - ok
22:34:07.0312 3844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:34:07.0578 3844 NetBT - ok
22:34:08.0078 3844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:34:08.0312 3844 Npfs - ok
22:34:08.0859 3844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:34:09.0328 3844 Ntfs - ok
22:34:10.0000 3844 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
22:34:10.0062 3844 NuidFltr - ok
22:34:10.0437 3844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:34:10.0687 3844 Null - ok
22:34:11.0359 3844 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:34:14.0531 3844 nv - ok
22:34:14.0859 3844 nvmpu401 (d509ef6e99d1b55887fdc0cb61fd5a42) C:\WINDOWS\system32\drivers\nvmpu401.sys
22:34:14.0921 3844 nvmpu401 - ok
22:34:15.0281 3844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:34:15.0531 3844 NwlnkFlt - ok
22:34:15.0906 3844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:34:16.0171 3844 NwlnkFwd - ok
22:34:16.0531 3844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:34:16.0781 3844 Parport - ok
22:34:17.0140 3844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:34:17.0359 3844 PartMgr - ok
22:34:17.0750 3844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:34:17.0968 3844 ParVdm - ok
22:34:18.0375 3844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:34:18.0593 3844 PCI - ok
22:34:18.0828 3844 PCIDump - ok
22:34:18.0984 3844 PCIIde - ok
22:34:19.0250 3844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:34:19.0484 3844 Pcmcia - ok
22:34:19.0812 3844 PCTAppEvent (7ea0ebd6e5aa687e116eb185a7cfb667) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
22:34:19.0921 3844 PCTAppEvent - ok
22:34:20.0296 3844 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
22:34:20.0390 3844 PCTFW-PacketFilter - ok
22:34:20.0796 3844 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
22:34:20.0890 3844 pctgntdi - ok
22:34:21.0281 3844 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
22:34:21.0343 3844 pctNdis - ok
22:34:21.0390 3844 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
22:34:21.0406 3844 pctNdisMP - ok
22:34:21.0828 3844 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\system32\drivers\pctplfw.sys
22:34:21.0890 3844 pctplfw - ok
22:34:22.0234 3844 PDCOMP - ok
22:34:22.0406 3844 PDFRAME - ok
22:34:22.0562 3844 PDRELI - ok
22:34:23.0281 3844 PDRFRAME - ok
22:34:23.0484 3844 perc2 - ok
22:34:23.0640 3844 perc2hib - ok
22:34:23.0968 3844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:34:24.0187 3844 PptpMiniport - ok
22:34:24.0453 3844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:34:24.0671 3844 Ptilink - ok
22:34:24.0890 3844 ql1080 - ok
22:34:25.0046 3844 Ql10wnt - ok
22:34:25.0234 3844 ql12160 - ok
22:34:25.0437 3844 ql1240 - ok
22:34:25.0593 3844 ql1280 - ok
22:34:25.0843 3844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:34:26.0046 3844 RasAcd - ok
22:34:26.0468 3844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:34:26.0718 3844 Rasl2tp - ok
22:34:27.0093 3844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:34:27.0343 3844 RasPppoe - ok
22:34:27.0671 3844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:34:27.0921 3844 Raspti - ok
22:34:28.0281 3844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:34:28.0578 3844 Rdbss - ok
22:34:29.0109 3844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:34:29.0343 3844 RDPCDD - ok
22:34:29.0921 3844 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:34:30.0062 3844 RDPWD - ok
22:34:30.0421 3844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:34:30.0640 3844 redbook - ok
22:34:30.0906 3844 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:34:30.0921 3844 SASDIFSV - ok
22:34:30.0984 3844 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:34:31.0062 3844 SASKUTIL - ok
22:34:31.0390 3844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:34:31.0531 3844 Secdrv - ok
22:34:31.0968 3844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:34:32.0187 3844 serenum - ok
22:34:32.0484 3844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:34:32.0750 3844 Serial - ok
22:34:33.0046 3844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:34:33.0265 3844 Sfloppy - ok
22:34:33.0468 3844 Simbad - ok
22:34:33.0859 3844 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
22:34:34.0187 3844 smwdm - ok
22:34:34.0468 3844 Sparrow - ok
22:34:34.0875 3844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:34:35.0062 3844 splitter - ok
22:34:35.0484 3844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:34:35.0609 3844 sr - ok
22:34:36.0062 3844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:34:36.0406 3844 Srv - ok
22:34:36.0796 3844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:34:37.0031 3844 swenum - ok
22:34:37.0421 3844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:34:37.0656 3844 swmidi - ok
22:34:37.0828 3844 symc810 - ok
22:34:37.0984 3844 symc8xx - ok
22:34:38.0187 3844 sym_hi - ok
22:34:38.0359 3844 sym_u3 - ok
22:34:38.0593 3844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:34:38.0828 3844 sysaudio - ok
22:34:39.0187 3844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:34:39.0562 3844 Tcpip - ok
22:34:39.0921 3844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:34:40.0156 3844 TDPIPE - ok
22:34:40.0515 3844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:34:40.0765 3844 TDTCP - ok
22:34:41.0156 3844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:34:41.0375 3844 TermDD - ok
22:34:41.0718 3844 TosIde - ok
22:34:42.0000 3844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:34:42.0218 3844 Udfs - ok
22:34:42.0421 3844 ultra - ok
22:34:42.0765 3844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:34:43.0125 3844 Update - ok
22:34:43.0531 3844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:34:43.0734 3844 usbccgp - ok
22:34:43.0968 3844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:34:44.0218 3844 usbehci - ok
22:34:44.0562 3844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:34:44.0828 3844 usbhub - ok
22:34:45.0078 3844 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:34:45.0265 3844 usbprint - ok
22:34:45.0531 3844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:34:45.0796 3844 USBSTOR - ok
22:34:46.0234 3844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:34:46.0421 3844 usbuhci - ok
22:34:46.0656 3844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:34:46.0890 3844 VgaSave - ok
22:34:47.0093 3844 ViaIde - ok
22:34:47.0328 3844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:34:47.0546 3844 VolSnap - ok
22:34:47.0781 3844 vulfnths (c0f55cc0903cfdc819f6d857402b697c) C:\WINDOWS\System32\Drivers\vulfnth.sys
22:34:47.0859 3844 vulfnths ( UnsignedFile.Multi.Generic ) - warning
22:34:47.0875 3844 vulfnths - detected UnsignedFile.Multi.Generic (1)
22:34:48.0218 3844 vulfntrs (545d98a7f61af1c7c4ad38b8f333e0b7) C:\WINDOWS\System32\Drivers\vulfntr.sys
22:34:48.0265 3844 vulfntrs ( UnsignedFile.Multi.Generic ) - warning
22:34:48.0265 3844 vulfntrs - detected UnsignedFile.Multi.Generic (1)
22:34:48.0656 3844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:34:48.0906 3844 Wanarp - ok
22:34:49.0296 3844 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:34:49.0562 3844 Wdf01000 - ok
22:34:49.0906 3844 WDICA - ok
22:34:50.0203 3844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:34:50.0468 3844 wdmaud - ok
22:34:51.0031 3844 WebSTARNdis (a0a2082f983d05e2ca2435ec3429edea) C:\WINDOWS\system32\DRIVERS\WebSTAR.sys
22:34:51.0078 3844 WebSTARNdis ( UnsignedFile.Multi.Generic ) - warning
22:34:51.0078 3844 WebSTARNdis - detected UnsignedFile.Multi.Generic (1)
22:34:51.0578 3844 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:34:51.0843 3844 WS2IFSL - ok
22:34:52.0234 3844 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:34:52.0328 3844 WudfPf - ok
22:34:52.0703 3844 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:34:52.0765 3844 WudfRd - ok
22:34:52.0875 3844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:34:53.0406 3844 \Device\Harddisk0\DR0 - ok
22:34:53.0437 3844 Boot (0x1200) (e9ae3880479233a85e65e3eabb2837a5) \Device\Harddisk0\DR0\Partition0
22:34:53.0484 3844 \Device\Harddisk0\DR0\Partition0 - ok
22:34:53.0484 3844 ============================================================
22:34:53.0484 3844 Scan finished
22:34:53.0484 3844 ============================================================
22:34:53.0687 2648 Detected object count: 3
22:34:53.0687 2648 Actual detected object count: 3
22:36:00.0171 2648 vulfnths ( UnsignedFile.Multi.Generic ) - skipped by user
22:36:00.0171 2648 vulfnths ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:36:00.0171 2648 vulfntrs ( UnsignedFile.Multi.Generic ) - skipped by user
22:36:00.0171 2648 vulfntrs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:36:00.0171 2648 WebSTARNdis ( UnsignedFile.Multi.Generic ) - skipped by user
22:36:00.0171 2648 WebSTARNdis ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:36:45.0218 3224 Deinitialize success
  • 0

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Did you download and run the Avira registry cleaner and did you download and run the Panda uninstaller?
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
The OTL fix file is located here:

If the machine reboots, the OTL fix log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


So look on your C:\ drive and you will see a folder named _OTL do not miss the underline in front of the OTL.
  • 0

Advertisements


#11
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Yes all done, I will continue with the other requests later. Thanks for your time
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Glad to help! :happy:
  • 0

#13
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Found it Compcav, Avast was opening OTL in a sandbox and not saving anything when closing.

========== OTL ==========
No active process named datamngrUI.exe was found!
Error: No service named AntiVirService was found to stop!
Service\Driver key AntiVirService not found.
Error: No service named AntiVirSchedulerService was found to stop!
Service\Driver key AntiVirSchedulerService not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$_OUTDIR\Setup\ADA folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$_OUTDIR\Setup folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$_OUTDIR folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} folder moved successfully.
Folder move failed. C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56] scheduled to be moved on reboot.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[34] folder moved successfully.
Folder move failed. C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin scheduled to be moved on reboot.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\ADA folder moved successfully.
Folder move failed. C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup scheduled to be moved on reboot.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\locale\toolbar folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\locale\lib folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\locale folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\data\search folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\data folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets\net.vmn.www.ToolbarCleaner folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets\keypad folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome folder moved successfully.
Folder move failed. C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} scheduled to be moved on reboot.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} folder moved successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ deleted successfully.
C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ not found.
File C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
c:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Ilivid Player folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
c:\Program Files\Windows iLivid Toolbar folder moved successfully.
Folder c:\Program Files\Windows iLivid Toolbar\Datamngr\ not found.
C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\"DisableSR" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr\\"Start" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService\\"Start" | DWORD:2 /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 02092012_195933
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
PLease re run this it did not run right. When sandbox comes up select to allow OTL to be excluded from automatic sandboxing.



Carefully copy and paste the text into the box. Make sure when you paste it in the Posted Image textbox that it begins with :OTL and ends with [emptytemp]. Also push the correct button Posted Image


Step 2.

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it this fix hangs again, then completely uninstall MalwareBytes' and run the fix again.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    PRC - [2011/12/06 10:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    [2011/12/03 23:02:56 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2011/12/03 23:02:53 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\User.USER-BCBE98E29B\Application Data\Mozilla\Firefox\Profiles\l34nq7fm.default\searchplugins\Search_Results.xml
    [2011/06/17 15:53:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/03 21:20:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    [2012/01/03 21:42:38 | 000,000,000 | ---D | M] -- c:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\Application Data\Ilivid Player
    [2012/01/03 21:25:04 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
    [2012/01/03 21:23:03 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
    [2010/11/23 09:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = DWORD:2
    
    
    
    :Files
    C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    
    
    
    
    :Commands
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.




Then post this OTL fix log.
  • 0

#15
saltash

saltash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
CompCav here is my Malwarebytes log, I will re-run OTL and post tomorrow. Once again thanks for your time.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-BCBE98E29B [administrator]

09/02/2012 20:41:10
mbam-log-2012-02-09 (20-41-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250830
Time elapsed: 1 hour(s), 1 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User.USER-BCBE98E29B\Local Settings\temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP