Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Having trouble just keeping my computer going [Solved]


  • This topic is locked This topic is locked

#1
lifeisgood

lifeisgood

    Member

  • Member
  • PipPip
  • 14 posts
Hi

My computer has been acting slow, getting slower, and I keep getting 'page unresponsive' messages. Today pages just started to disappear. I would open a browser window and it would close.

Here is what I got from OTL:


OTL logfile created on: 5/10/2012 2:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Lisa\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 147.32 Mb Available Physical Memory | 19.21% Memory free
1.83 Gb Paging File | 0.58 Gb Available in Paging File | 31.69% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.18 Gb Free Space | 38.55% Space Free | Partition Type: NTFS

Computer Name: LISA-56DC7A10CB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/10 14:43:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\My Documents\Downloads\OTL (3).exe
PRC - [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/06 12:48:42 | 000,643,240 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\BoostSpeed.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/07/01 11:38:38 | 001,130,496 | ---- | M] (CyberArts Licensing LLC) -- C:\Program Files\PurePlay\Poker\PurePlayPoker.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 06:20:21 | 001,756,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051000\algo.dll
MOD - [2012/04/27 22:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 21:09:18 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/06 12:48:40 | 000,348,328 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madExcept_.bpl
MOD - [2010/09/06 12:48:40 | 000,182,440 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madBasic_.bpl
MOD - [2010/09/06 12:48:40 | 000,048,808 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madDisAsm_.bpl
MOD - [2007/09/18 08:53:40 | 000,872,448 | ---- | M] () -- C:\Program Files\PurePlay\Poker\libeay32.dll
MOD - [2007/09/18 08:53:40 | 000,159,744 | ---- | M] () -- C:\Program Files\PurePlay\Poker\ssleay32.dll
MOD - [2007/09/18 08:53:40 | 000,059,904 | ---- | M] () -- C:\Program Files\PurePlay\Poker\zlib1.dll
MOD - [2007/09/18 08:53:38 | 000,110,592 | ---- | M] () -- C:\Program Files\PurePlay\Poker\libpng.dll
MOD - [2007/08/21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/02/23 12:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000065bde732a
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F-2B6BDC86CF79
IE - HKCU\..\SearchScopes\{8BBCC9E0-8A6C-42E8-8CB0-D0175C956FBE}: "URL" = http://www.bing.com/...ms}&FORM=IE0006
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/"
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/14 18:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/16 10:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 05:46:57 | 000,000,000 | ---D | M]

[2012/01/23 07:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Extensions
[2012/04/27 14:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\extensions
[2012/04/27 14:53:08 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/09 17:57:10 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\askcom.xml
[2012/01/22 18:47:14 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\conduit.xml
[2012/01/21 09:21:44 | 000,009,650 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\my-web-search.xml
[2012/01/23 00:56:56 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\Search_Results.xml
[2011/05/30 06:57:51 | 000,004,772 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\web-search.xml
[2012/02/11 03:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/24 12:15:58 | 000,000,000 | ---D | M] (BasicScan) -- C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
[2011/11/27 00:00:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/20 08:54:19 | 000,131,094 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H02KHY6X.DEFAULT\EXTENSIONS\[email protected]
[2012/04/16 10:26:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/19 14:58:16 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/23 00:56:56 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &Search - http://tbedits.telev...BF&n=2012012101 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: capitalone.com ([servicing] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54717E12-DA42-4991-B83A-7572DE8E5106}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/15 11:41:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/10 14:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/05/02 11:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\DriverCure
[2012/05/02 11:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\ParetoLogic
[2012/05/02 11:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/05/02 11:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/26 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\PurePlay
[2012/04/12 14:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/12 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/01/21 19:06:45 | 000,693,648 | ---- | C] (MindSpark) -- C:\Program Files\64Uninstall TelevisionFanatic.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/10 15:05:07 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/10 14:42:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/10 07:16:19 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\1Cover Letter.rtf
[2012/05/09 22:42:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 06:10:38 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/05/09 06:07:55 | 004,840,017 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\TD.rtf
[2012/05/09 06:03:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/09 06:03:53 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Special Edition Integrator Start On Windows Logon.job
[2012/05/09 03:22:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/09 03:22:44 | 804,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 03:22:44 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 03:03:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 18:13:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/06 19:05:28 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\Cover.rtf
[2012/05/03 20:20:48 | 000,009,465 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresumeS2012.rtf
[2012/05/01 21:54:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/01 10:39:47 | 000,009,306 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresume2011.rtf
[2012/04/27 20:34:52 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\egg recipe.rtf
[2012/04/26 13:50:40 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[2012/04/12 14:27:37 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/06 19:05:28 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\Cover.rtf
[2012/05/02 18:03:38 | 000,009,465 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresumeS2012.rtf
[2012/04/27 20:34:51 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\egg recipe.rtf
[2012/04/26 13:50:40 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PurePlay Poker.lnk
[2012/04/26 13:50:40 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[2012/04/23 22:53:15 | 004,840,017 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\TD.rtf
[2012/04/12 14:27:37 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/16 02:09:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/24 12:10:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bc05731cef2e6f82d1f47ea716cadfa7_c
[2012/01/21 19:06:45 | 000,174,024 | ---- | C] () -- C:\Program Files\64res.dll
[2012/01/19 14:58:16 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/19 19:00:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/01 21:47:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/15 12:38:01 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/15 11:44:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/15 11:37:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/15 06:23:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/15 06:22:32 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/15 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/19 14:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/01/24 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/04/10 17:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/05/02 12:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/03/15 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2012/05/10 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/09 20:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/01/05 00:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/28 00:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Auslogics
[2012/01/19 14:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Babylon
[2012/05/02 11:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\DriverCure
[2012/01/19 14:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\enchant
[2011/03/18 15:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MSNInstaller
[2012/05/02 11:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ParetoLogic
[2012/01/05 20:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\QuickScan
[2012/01/23 01:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\searchquband
[2012/02/12 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SoftGrid Client
[2011/10/21 10:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TP
[2012/05/09 06:03:53 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics BoostSpeed Special Edition Integrator Start On Windows Logon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAEDBDA6
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

Thanks for your help,Lisa
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello lifeisgood, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

I am in the process of reviewing your logs. When you ran the OTL scan it should have also produced a Extras.txt file. I need you to post that please. It should be in the C:\Documents and Settings\Lisa\My Documents\Downloads folder.
And I want you to run one other diagnostic tool and post the results. Then we will see about clearing the nasties for you ;)


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-2.

Things For Your Next Post:
1. The Extras.txt log
2. The aswMBR log
  • 0

#3
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you so much for your help! Here is the first part you asked for:


OTL Extras logfile created on: 5/10/2012 2:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Lisa\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 147.32 Mb Available Physical Memory | 19.21% Memory free
1.83 Gb Paging File | 0.58 Gb Available in Paging File | 31.69% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.18 Gb Free Space | 38.55% Space Free | Partition Type: NTFS

Computer Name: LISA-56DC7A10CB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 30
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed Special Edition
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSNINST" = MSN
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Converter" = FoxTab PDF Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2012 2:34:33 PM | Computer Name = LISA-56DC7A10CB | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 7.0.1426.0, faulting module
avastui.exe, version 7.0.1426.0, fault address 0x000d0b7c.

Error - 5/10/2012 2:42:56 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL (2).exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2012 2:47:31 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL (3).exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2012 2:48:39 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/10/2012 6:51:49 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/10/2012 6:51:49 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/10/2012 6:51:49 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/10/2012 6:51:49 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/10/2012 6:51:50 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/10/2012 6:51:50 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/10/2012 6:51:50 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/10/2012 6:51:56 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/10/2012 6:51:56 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/10/2012 6:51:56 AM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >
  • 0

#4
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the second part. I really do appreciate your help!


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 11:55:52
-----------------------------
11:55:52.343 OS Version: Windows 5.1.2600 Service Pack 3
11:55:52.343 Number of processors: 1 586 0x204
11:55:52.359 ComputerName: LISA-56DC7A10CB UserName: Lisa
11:55:53.281 Initialize success
11:55:55.015 AVAST engine defs: 12051100
11:55:57.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:55:57.125 Disk 0 Vendor: ST320011A 3.75 Size: 19092MB BusType: 3
11:55:57.140 Disk 0 MBR read successfully
11:55:57.140 Disk 0 MBR scan
11:55:57.140 Disk 0 Windows XP default MBR code
11:55:57.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19085 MB offset 63
11:55:57.140 Disk 0 scanning sectors +39086145
11:55:57.234 Disk 0 scanning C:\WINDOWS\system32\drivers
11:56:15.953 Service scanning
11:56:33.203 Modules scanning
11:56:46.109 Disk 0 trace - called modules:
11:56:46.125 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:56:46.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f87ab8]
11:56:46.609 3 CLASSPNP.SYS[f756ffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fcab00]
11:56:46.984 AVAST engine scan C:\WINDOWS
11:56:50.140 AVAST engine scan C:\WINDOWS\system32
11:58:48.406 AVAST engine scan C:\WINDOWS\system32\drivers
11:59:01.875 AVAST engine scan C:\Documents and Settings\Lisa
12:01:55.937 AVAST engine scan C:\Documents and Settings\All Users
12:05:06.593 Scan finished successfully
12:05:25.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lisa\My Documents\Downloads\MBR.dat"
12:05:25.093 The log file has been saved successfully to "C:\Documents and Settings\Lisa\My Documents\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 11:55:52
-----------------------------
11:55:52.343 OS Version: Windows 5.1.2600 Service Pack 3
11:55:52.343 Number of processors: 1 586 0x204
11:55:52.359 ComputerName: LISA-56DC7A10CB UserName: Lisa
11:55:53.281 Initialize success
11:55:55.015 AVAST engine defs: 12051100
11:55:57.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:55:57.125 Disk 0 Vendor: ST320011A 3.75 Size: 19092MB BusType: 3
11:55:57.140 Disk 0 MBR read successfully
11:55:57.140 Disk 0 MBR scan
11:55:57.140 Disk 0 Windows XP default MBR code
11:55:57.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19085 MB offset 63
11:55:57.140 Disk 0 scanning sectors +39086145
11:55:57.234 Disk 0 scanning C:\WINDOWS\system32\drivers
11:56:15.953 Service scanning
11:56:33.203 Modules scanning
11:56:46.109 Disk 0 trace - called modules:
11:56:46.125 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:56:46.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f87ab8]
11:56:46.609 3 CLASSPNP.SYS[f756ffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fcab00]
11:56:46.984 AVAST engine scan C:\WINDOWS
11:56:50.140 AVAST engine scan C:\WINDOWS\system32
11:58:48.406 AVAST engine scan C:\WINDOWS\system32\drivers
11:59:01.875 AVAST engine scan C:\Documents and Settings\Lisa
12:01:55.937 AVAST engine scan C:\Documents and Settings\All Users
12:05:06.593 Scan finished successfully
12:05:25.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lisa\My Documents\Downloads\MBR.dat"
12:05:25.093 The log file has been saved successfully to "C:\Documents and Settings\Lisa\My Documents\Downloads\aswMBR.txt"
12:05:46.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lisa\My Documents\Downloads\MBR.dat"
12:05:46.281 The log file has been saved successfully to "C:\Documents and Settings\Lisa\My Documents\Downloads\aswMBR.txt"
  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. I will be back to post some removal instructions after my instructor has signed off on them.
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi lifeisgood,

The aswMBR lod didn't show anything. That is good. Let's start killing what the OTL log shows.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:PROCESSES
killkallprocess

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000065bde732a
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F-2B6BDC86CF79
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
[2011/11/09 17:57:10 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\askcom.xml
[2012/01/22 18:47:14 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\conduit.xml
[2012/01/21 09:21:44 | 000,009,650 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\my-web-search.xml
[2012/01/24 12:15:58 | 000,000,000 | ---D | M] (BasicScan) -- C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
[2012/01/19 14:58:16 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - Reg Error: Value error. File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/24 12:10:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bc05731cef2e6f82d1f47ea716cadfa7_c
[2012/01/19 14:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/01/05 00:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/19 14:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Babylon
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAEDBDA6
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

:FILES
ipconfig /flushdns /c

:COMMANDS
[PURITY]
[CREATERESTOREPOINY]
[REBOOT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer or Firefox for this.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Program Files\64res.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Please follow the above instructions for the following file(s):

C:\WINDOWS\System32\ezsidmv.dat


I want a new OTL log but first I want you to delete the OTL you have in downloads and downlosd a fresh copy to the desktop.

  • Open OTL
  • Click the Cleanup button at the top of the console.
This will remove OTL from the Downloads folder along with all files it created there.


Step-3.

Posted Image OTL Custom Scan


Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.


Step-4.

Things For Your Next Post:
1. The OTL fixes log
2. The results from the scans at Virscan
3. The new OTL.txt log

How is the computer running now? Are there any additional issues?
  • 0

#7
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
STEP I

========== PROCESSES ==========
No active process named killkallprocess was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "http://dts.search-re...id=406&sr=0&q=" removed from keyword.URL
C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\my-web-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\bc05731cef2e6f82d1f47ea716cadfa7_c moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\Lisa\Application Data\Babylon folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CAEDBDA6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Lisa\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Lisa\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[CREATERESTOREPOINY]> in the current context!

OTL by OldTimer - Version 3.2.42.3 log created on 05122012_184616


PART II
  • 0

#8
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
STEP 2


VirSCAN.org Scanned Report :
Scanned time : 2012/05/12 17:58:22 (CDT)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : 64res.dll
File Size : 174024 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 51c7ba3f7b72d9142d11497554d737ad
SHA1 : 7e9b6ffd133ea7566c8ca7773e706b66337591fe
Online report : http://r.virscan.org...2eb244f7f8d4e06

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120511110313 2012-05-11 0.31 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 1.94 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.00 -
Antiy 2.0.18 20120511.18774075 2012-05-11 0.00 -
Arcavir 2011 201205101406 2012-05-10 0.00 -
Authentium 5.1.1 201205111128 2012-05-11 0.00 -
AVAST! 4.7.4 120511-0 2012-05-11 0.00 -
AVG 12.0.1782 2425/4991 2012-05-11 0.00 -
BitDefender 7.90123.7161789 7.42234 2012-05-11 0.00 -
ClamAV 0.97.3 14911 2012-05-11 0.00 -
Comodo 5.1 12285 2012-05-10 2.41 -
CP Secure 1.3.0.5 2012.05.11 2012-05-11 0.00 -
Dr.Web 7.0.1.2210 2012.05.11 2012-05-11 0.00 -
F-Prot 4.6.2.117 20120511 2012-05-11 0.00 -
F-Secure 7.02.73807 2012.05.11.06 2012-05-11 0.00 -
Fortinet 4.3.392 15.519 2012-05-10 0.19 -
GData 22.4925 20120511 2012-05-11 5.20 -
ViRobot 20120512 2012.05.12 2012-05-12 0.40 -
Ikarus T3.1.32.20.0 2012.05.11.81165 2012-05-11 0.00 -
JiangMin 13.0.900 2012.05.10 2012-05-10 2.07 -
Kaspersky 5.5.10 2012.05.11 2012-05-11 0.00 -
KingSoft 2009.2.5.15 2012.5.11.18 2012-05-11 0.89 -
McAfee 5400.1158 6707 2012-05-10 0.00 -
Microsoft 1.8304 2012.05.11 2012-05-11 3.35 -
NOD32 3.0.21 7093 2012-04-28 0.00 -
Panda 9.05.01 2012.05.11 2012-05-11 2.47 -
Trend Micro 9.500-1005 8.990.03 2012-05-11 0.00 -
Quick Heal 11.00 2012.05.10 2012-05-10 1.10 -
Rising 20.0 24.09.03.01 2012-05-10 1.21 -
Sophos 3.31.1 4.77 2012-05-11 0.00 -
Sunbelt 3.9.2537.2 11901 2012-05-10 0.91 MyWebSearch.J (v) (not malicious)
Symantec 1.3.0.24 20120509.002 2012-05-09 0.00 -
nProtect 20120511.01 11263125 2012-05-11 1.23 -
The Hacker 6.8.0.0 v00006 2012-05-09 0.57 -
VBA32 3.12.16.4 20120511.1247 2012-05-11 0.00 -
VirusBuster 5.5.0.2 14.2.65.0/8713135 2012-05-11 0.00 -








VirSCAN.org Scanned Report :
Scanned time : 2012/05/12 18:27:56 (CDT)
Scanner results: Scanners did not find malware!
File Name : ezsidmv.dat
File Size : 56 byte
File Type : data
MD5 : bbeaf0041e2ee5f7fc865103e7f5dc70
SHA1 : 45f2ac46f5040e0a7a3898566ddc40e69b70475b
Online report : http://r.virscan.org...546a2089137f519

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120511110313 2012-05-11 0.32 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.81 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.00 -
Antiy 2.0.18 20120511.18774075 2012-05-11 0.00 -
Arcavir 2011 201205101406 2012-05-10 0.00 -
Authentium 5.1.1 201205111128 2012-05-11 0.00 -
AVAST! 4.7.4 120511-0 2012-05-11 0.00 -
AVG 12.0.1782 2425/4991 2012-05-11 0.00 -
BitDefender 7.90123.7161789 7.42234 2012-05-11 0.00 -
ClamAV 0.97.3 14911 2012-05-11 0.00 -
Comodo 5.1 12285 2012-05-10 2.35 -
CP Secure 1.3.0.5 2012.05.11 2012-05-11 0.00 -
Dr.Web 7.0.1.2210 2012.05.11 2012-05-11 0.00 -
F-Prot 4.6.2.117 20120511 2012-05-11 0.00 -
F-Secure 7.02.73807 2012.05.11.06 2012-05-11 0.00 -
Fortinet 4.3.392 15.519 2012-05-10 0.14 -
GData 22.4925 20120511 2012-05-11 5.08 -
ViRobot 20120512 2012.05.12 2012-05-12 0.40 -
Ikarus T3.1.32.20.0 2012.05.11.81165 2012-05-11 0.00 -
JiangMin 13.0.900 2012.05.10 2012-05-10 2.01 -
Kaspersky 5.5.10 2012.05.11 2012-05-11 0.00 -
KingSoft 2009.2.5.15 2012.5.11.18 2012-05-11 0.86 -
McAfee 5400.1158 6707 2012-05-10 0.00 -
Microsoft 1.8304 2012.05.11 2012-05-11 3.28 -
NOD32 3.0.21 7093 2012-04-28 0.00 -
Panda 9.05.01 2012.05.11 2012-05-11 2.44 -
Trend Micro 9.500-1005 8.990.03 2012-05-11 0.00 -
Quick Heal 11.00 2012.05.10 2012-05-10 0.95 -
Rising 20.0 24.09.03.01 2012-05-10 0.45 -
Sophos 3.31.1 4.77 2012-05-11 0.00 -
Sunbelt 3.9.2537.2 11901 2012-05-10 0.80 -
Symantec 1.3.0.24 20120509.002 2012-05-09 0.00 -
nProtect 20120511.01 11263125 2012-05-11 1.29 -
The Hacker 6.8.0.0 v00006 2012-05-09 0.55 -
VBA32 3.12.16.4 20120511.1247 2012-05-11 0.00 -
VirusBuster 5.5.0.2 14.2.65.0/8713135 2012-05-11 0.00 -
  • 0

#9
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
STEP 3


OTL logfile created on: 5/12/2012 8:10:56 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 323.75 Mb Available Physical Memory | 42.21% Memory free
1.83 Gb Paging File | 1.29 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.26 Gb Free Space | 38.96% Space Free | Partition Type: NTFS

Computer Name: LISA-56DC7A10CB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 20:10:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
PRC - [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/06 12:48:42 | 000,643,240 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\BoostSpeed.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/07/01 11:38:38 | 001,130,496 | ---- | M] (CyberArts Licensing LLC) -- C:\Program Files\PurePlay\Poker\PurePlayPoker.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 14:56:34 | 001,759,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051201\algo.dll
MOD - [2012/04/27 22:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/09/06 12:48:40 | 000,348,328 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madExcept_.bpl
MOD - [2010/09/06 12:48:40 | 000,182,440 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madBasic_.bpl
MOD - [2010/09/06 12:48:40 | 000,048,808 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madDisAsm_.bpl
MOD - [2007/09/18 08:53:40 | 000,872,448 | ---- | M] () -- C:\Program Files\PurePlay\Poker\libeay32.dll
MOD - [2007/09/18 08:53:40 | 000,159,744 | ---- | M] () -- C:\Program Files\PurePlay\Poker\ssleay32.dll
MOD - [2007/09/18 08:53:40 | 000,059,904 | ---- | M] () -- C:\Program Files\PurePlay\Poker\zlib1.dll
MOD - [2007/09/18 08:53:38 | 000,110,592 | ---- | M] () -- C:\Program Files\PurePlay\Poker\libpng.dll
MOD - [2007/08/21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/02/23 12:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}


IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan...s={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan...s={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\..\SearchScopes\{8BBCC9E0-8A6C-42E8-8CB0-D0175C956FBE}: "URL" = http://www.bing.com/...ms}&FORM=IE0006
IE - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/14 18:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/16 10:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 05:46:57 | 000,000,000 | ---D | M]

[2012/01/23 07:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Extensions
[2012/05/12 19:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\extensions
[2012/04/27 14:53:08 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/01/23 00:56:56 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\Search_Results.xml
[2011/05/30 06:57:51 | 000,004,772 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\web-search.xml
[2012/02/11 03:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/27 00:00:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/20 08:54:19 | 000,131,094 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H02KHY6X.DEFAULT\EXTENSIONS\[email protected]
[2012/04/16 10:26:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/23 00:56:56 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Do Not Track Plus = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.1.3.418_0\
CHR - Extension: YouTube = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Do Not Track Plus = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.1.3.418_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Social Fixer = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.601_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &Search - http://tbedits.telev...BF&n=2012012101 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1220945662-1275210071-725345543-1003\..Trusted Domains: capitalone.com ([servicing] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54717E12-DA42-4991-B83A-7572DE8E5106}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/15 11:41:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 20:10:21 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2012/05/12 20:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\Having trouble just keeping my computer going - Geeks to Go Forums_files
[2012/05/10 14:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/05/02 11:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\DriverCure
[2012/05/02 11:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\ParetoLogic
[2012/05/02 11:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/05/02 11:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/26 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\PurePlay
[2012/01/21 19:06:45 | 000,693,648 | ---- | C] (MindSpark) -- C:\Program Files\64Uninstall TelevisionFanatic.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/12 20:10:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2012/05/12 20:09:12 | 000,251,298 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\Having trouble just keeping my computer going - Geeks to Go Forums.htm
[2012/05/12 19:57:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/12 19:57:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 19:57:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Special Edition Integrator Start On Windows Logon.job
[2012/05/12 19:56:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/12 19:56:36 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 19:56:35 | 804,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/12 19:48:19 | 000,009,263 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\downloadget.php
[2012/05/12 19:42:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 18:44:10 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/10 07:16:19 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\1Cover Letter.rtf
[2012/05/09 06:10:38 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/05/09 06:07:55 | 004,840,017 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\TD.rtf
[2012/05/09 03:03:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 18:13:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/06 19:05:28 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\Cover.rtf
[2012/05/03 20:20:48 | 000,009,465 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresumeS2012.rtf
[2012/05/01 21:54:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/01 10:39:47 | 000,009,306 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresume2011.rtf
[2012/04/27 20:34:52 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\egg recipe.rtf
[2012/04/26 13:50:40 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/12 20:09:09 | 000,251,298 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Having trouble just keeping my computer going - Geeks to Go Forums.htm
[2012/05/12 19:47:33 | 000,009,263 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\downloadget.php
[2012/05/06 19:05:28 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\Cover.rtf
[2012/05/02 18:03:38 | 000,009,465 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresumeS2012.rtf
[2012/04/27 20:34:51 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\egg recipe.rtf
[2012/04/26 13:50:40 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PurePlay Poker.lnk
[2012/04/26 13:50:40 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[2012/04/23 22:53:15 | 004,840,017 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\TD.rtf
[2012/02/16 02:09:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 19:06:45 | 000,174,024 | ---- | C] () -- C:\Program Files\64res.dll
[2012/01/19 14:58:16 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/19 19:00:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/01 21:47:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/15 12:38:01 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/15 11:44:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/15 11:37:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/15 06:23:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/15 06:22:32 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/15 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/24 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/04/10 17:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/05/02 12:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/03/15 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2012/05/12 20:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/09 20:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/01/28 00:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Auslogics
[2012/05/02 11:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\DriverCure
[2012/01/19 14:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\enchant
[2011/03/18 15:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MSNInstaller
[2012/05/02 11:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ParetoLogic
[2012/01/05 20:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\QuickScan
[2012/01/23 01:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\searchquband
[2012/02/12 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SoftGrid Client
[2011/10/21 10:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TP
[2012/05/12 19:57:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics BoostSpeed Special Edition Integrator Start On Windows Logon.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0D834B7E-D000-40F9-B7BB-80029EC3CC38}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{47BBDE93-48B5-4A5B-9F21-19E103D29D8A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4A78BCA4-755A-4F88-B31D-6D32FA03D412}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{54717E12-DA42-4991-B83A-7572DE8E5106}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 08:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/16 10:26:27 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/16 10:26:27 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/16 10:26:27 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/16 10:26:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/16 10:26:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/16 10:26:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/16 10:26:27 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/16 10:26:27 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/16 10:26:27 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/16 10:26:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/16 10:26:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/16 10:26:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST320011A
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 19.00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: LISA-56DC7A10CB
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D CD-ROM 0 B
Volume 1 C NTFS Partition 19 GB Healthy System

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAEDBDA6

< End of report >


thanks again!
  • 0

#10
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL Extras logfile created on: 5/12/2012 8:10:56 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 323.75 Mb Available Physical Memory | 42.21% Memory free
1.83 Gb Paging File | 1.29 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.26 Gb Free Space | 38.96% Space Free | Partition Type: NTFS

Computer Name: LISA-56DC7A10CB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1220945662-1275210071-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 30
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed Special Edition
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSNINST" = MSN
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Converter" = FoxTab PDF Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2012 2:34:33 PM | Computer Name = LISA-56DC7A10CB | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 7.0.1426.0, faulting module
avastui.exe, version 7.0.1426.0, fault address 0x000d0b7c.

Error - 5/10/2012 2:42:56 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL (2).exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2012 2:47:31 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL (3).exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2012 2:48:39 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2012 2:49:58 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/11/2012 10:51:43 AM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 10.5.2.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/11/2012 11:54:35 AM | Computer Name = LISA-56DC7A10CB | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 18.0.1025.168, faulting module
unknown, version 0.0.0.0, fault address 0x08e04900.

Error - 5/12/2012 7:53:21 PM | Computer Name = LISA-56DC7A10CB | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2012 7:54:13 PM | Computer Name = LISA-56DC7A10CB | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 7.0.1426.0, faulting module
avastui.exe, version 7.0.1426.0, fault address 0x000d0b7c.

[ System Events ]
Error - 5/12/2012 7:57:27 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/12/2012 7:57:27 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/12/2012 7:57:27 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/12/2012 7:57:27 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/12/2012 7:57:31 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/12/2012 7:57:31 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/12/2012 7:57:31 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 5/12/2012 7:57:31 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/12/2012 7:57:31 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/12/2012 7:57:31 PM | Computer Name = LISA-56DC7A10CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >
  • 0

Advertisements


#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi lifeisgood,

Very good. OTL killed some stull and that revealed a few more things that we will deal with now. Then we're gonna check for malware orphans and remnants and check the security of some programs.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:OTL
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan...s={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan...s={searchTerms}
[2012/01/21 19:06:45 | 000,174,024 | ---- | C] () -- C:\Program Files\64res.dll
[2012/01/23 01:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\searchquband

:COMMANDS
[EMPTYTEMP]
[CREATERESTOREPOINT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---VERY IMPORTANT
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-5.

OTL Quick Scan

  • Open OTL on the desktop.
  • Click the Posted Image button. Post the log it produces in your next reply.



Step-6.

Things For Your Next Post:
1. The OTL fixes log
2. The MalwareBytes log
3. The ESET online scan log
4. The checkup.txt log
5. The new OTL.txt log
6. How is the computer running now?
  • 0

#12
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
STEP 1


All processes killed
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
C:\Program Files\64res.dll moved successfully.
C:\Documents and Settings\Lisa\Application Data\searchquband folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lisa
->Temp folder emptied: 1746962 bytes
->Temporary Internet Files folder emptied: 7557465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54952267 bytes
->Google Chrome cache emptied: 246745246 bytes
->Flash cache emptied: 777 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1810673 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82780 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1058 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1450370 bytes

Total Files Cleaned = 302.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.3 log created on 05142012_122823


STEP 2


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.14.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lisa :: LISA-56DC7A10CB [administrator]

5/14/2012 12:43:24 PM
mbam-log-2012-05-14 (12-43-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209705
Time elapsed: 1 hour(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Documents and Settings\Lisa\My Documents\Downloads\Calc_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lisa\My Documents\Downloads\eMuleSetup(1).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lisa\My Documents\Downloads\quatro(2).exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lisa\My Documents\Downloads\quatro.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lisa\My Documents\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lisa\My Documents\Downloads\AbiWord_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Program Files\64Uninstall TelevisionFanatic.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089924.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089925.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089926.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089936.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089939.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089940.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089941.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089942.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089943.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089944.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{06D3CC28-2176-4EB1-9AFD-4E54ACE1D7F7}\RP448\A0089945.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
  • 0

#13
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
STEP 3

There wasn't a log file - there were no results to log.

STEP 4

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````


STEP 5

OTL logfile created on: 5/14/2012 3:45:01 PM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 257.03 Mb Available Physical Memory | 33.51% Memory free
1.83 Gb Paging File | 1.20 Gb Available in Paging File | 65.58% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.52 Gb Free Space | 40.33% Space Free | Partition Type: NTFS

Computer Name: LISA-56DC7A10CB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 20:10:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
PRC - [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/06 12:48:42 | 000,643,240 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\BoostSpeed.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 03:31:05 | 001,759,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051400\algo.dll
MOD - [2012/04/27 22:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/06 12:48:40 | 000,348,328 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madExcept_.bpl
MOD - [2010/09/06 12:48:40 | 000,182,440 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madBasic_.bpl
MOD - [2010/09/06 12:48:40 | 000,048,808 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed Special Edition\madDisAsm_.bpl
MOD - [2007/08/21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/14 14:08:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/02/23 12:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8BBCC9E0-8A6C-42E8-8CB0-D0175C956FBE}: "URL" = http://www.bing.com/...ms}&FORM=IE0006
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/14 18:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/16 10:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 05:46:57 | 000,000,000 | ---D | M]

[2012/01/23 07:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Extensions
[2012/05/12 19:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\extensions
[2012/04/27 14:53:08 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/01/23 00:56:56 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\Search_Results.xml
[2011/05/30 06:57:51 | 000,004,772 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\h02khy6x.default\searchplugins\web-search.xml
[2012/02/11 03:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/27 00:00:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/20 08:54:19 | 000,131,094 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H02KHY6X.DEFAULT\EXTENSIONS\[email protected]
[2012/04/16 10:26:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/23 00:56:56 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Do Not Track Plus = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.1.3.418_0\
CHR - Extension: YouTube = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Do Not Track Plus = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.1.3.418_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Social Fixer = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.601_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &Search - http://tbedits.telev...BF&n=2012012101 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: capitalone.com ([servicing] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54717E12-DA42-4991-B83A-7572DE8E5106}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/15 11:41:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 14:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/14 14:08:30 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/14 12:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 12:41:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/14 12:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 12:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\Malwarebytes
[2012/05/14 12:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/14 12:28:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/12 20:10:21 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2012/05/10 14:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/05/02 11:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\DriverCure
[2012/05/02 11:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\ParetoLogic
[2012/05/02 11:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/05/02 11:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/26 13:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\PurePlay

========== Files - Modified Within 30 Days ==========

[2012/05/14 15:42:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 14:08:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/14 14:04:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/14 14:04:16 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:04:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Special Edition Integrator Start On Windows Logon.job
[2012/05/14 14:04:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 14:04:01 | 804,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 12:41:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 19:52:30 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/12 20:10:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2012/05/12 19:56:36 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 19:48:19 | 000,009,263 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\downloadget.php
[2012/05/10 07:16:19 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\1Cover Letter.rtf
[2012/05/09 06:10:38 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/05/09 03:03:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 18:13:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/06 19:05:28 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\Cover.rtf
[2012/05/03 20:20:48 | 000,009,465 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresumeS2012.rtf
[2012/05/01 21:54:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/01 10:39:47 | 000,009,306 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresume2011.rtf
[2012/04/27 20:34:52 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\egg recipe.rtf
[2012/04/26 13:50:40 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk

========== Files Created - No Company Name ==========

[2012/05/14 12:41:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 19:47:33 | 000,009,263 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\downloadget.php
[2012/05/06 19:05:28 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\Cover.rtf
[2012/05/02 18:03:38 | 000,009,465 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\lfrankelresumeS2012.rtf
[2012/04/27 20:34:51 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\egg recipe.rtf
[2012/04/26 13:50:40 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PurePlay Poker.lnk
[2012/04/26 13:50:40 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[2012/02/16 02:09:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 14:58:16 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/19 19:00:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/01 21:47:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/15 12:38:01 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/15 11:44:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/15 11:37:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/15 06:23:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/15 06:22:32 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/15 11:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/24 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/04/10 17:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/05/02 12:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/03/15 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2012/05/14 15:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/09 20:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/01/28 00:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Auslogics
[2012/05/02 11:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\DriverCure
[2012/01/19 14:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\enchant
[2011/03/18 15:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MSNInstaller
[2012/05/02 11:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ParetoLogic
[2012/01/05 20:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\QuickScan
[2012/02/12 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SoftGrid Client
[2011/10/21 10:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TP
[2012/05/14 14:04:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics BoostSpeed Special Edition Integrator Start On Windows Logon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAEDBDA6
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAEDBDA6

< End of report >


My computer seems to be running so much faster now! Godawg, thank you so much for the time you put into this.
Do you take donations to keep your site running? If you do, please let me know how to do that.

Thank you so very much, :thumbsup:
Lisa (lifeisgood)


  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi lifeisgood,

My computer seems to be running so much faster now! Godawg, thank you so much for the time you put into this.
Do you take donations to keep your site running? If you do, please let me know how to do that.

Thank you so very much, :thumbsup:
Lisa (lifeisgood)

On behalf of the Staff and students at GeeksToGo....Thank you for the kind words and you are very welcome.
Donations to the site can be made through the link here (If it's still working)

Well OTL and MalwareBytes did their jobs and the fact that the ESET scan didn't show anything tells us that there aren't any malware remnants left. Good Job!!

The only thing I can see left to tackle is the System Restore. OTL has not been able to start the System Restore service.

If you turned System Restore off and don't want it turned back on don't do any of the following steps and just let me know.

If you didn't turn System Restore off and want it back on:

I want you to check and see if System Restore is turned on. If it is I want you to turn it off then reboot and turn it on again.


Step-1.

Check System Restore

  • Click Start, right-click My Computer, and then click Properties.
  • In the System Properties dialog box, click the System Restore tab.

    If there is a check mark in the box next to Turn off System Restore or Turn off System Restore on all drives, click the box to remove the check mark.
  • Click OK

    After a few moments, the System Properties dialog box closes.
  • Reboot the system and see if you can create a Restore point. If you can, stop here and inform me.

    If there isn't a check mark in the box beside Turn off System Restore or Turn off System Restore on all drives:
  • Click the box beside Turn off System Restore Or Turn off System Restore on all drives
  • Click OK.

    When you receive the following message, click Yes to confirm that you want to turn off System Restore:
    "You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer".

    "Do you want to turn off System Restore?"


    After a few moments, the System Properties dialog box closes.
  • Reboot the system and repeat steps 1 thru 4.
If you were able to create a system restore point don't go any farther and inform me that the restore point was created and we'll be ready to wrap this puppy up.

If you weren't able to to create a restore point go to the next step.


Step-2

Run Farbar's Service Scanner

Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-3.

Check Running Services

  • Click Start then Run. A Run window will open.
  • In the Open box type cmd and click OK. A black command window will open.
  • At the blinking cursor in the command window type or copy and past the following:

    net start >> %userprofile%\desktop\services.txt
  • Back at the blinking cursor type Exit and press the Enter key. This will close the command window.
  • There will be a file on the desktop named Services.txt Copy and paste the contents of the file in your next reply.


Step-4.

Things For Your Next Post:
1. Let me know if you were able to create a restore point.

If you couldn't create a restore point:

2. The FSS.txt log
2. The Services.txt log
  • 0

#15
lifeisgood

lifeisgood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
STEP 2

Farbar Service Scanner Version: 17-05-2012
Ran by Lisa (administrator) on 17-05-2012 at 22:21:29
Running from "C:\Documents and Settings\Lisa\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP