Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

slow laptop and popups popping up...

Started by I-W , Aug 01 2012 04:40 PM

  • Please log in to reply

#1
I-W
Posted 01 August 2012 - 04:40 PM

I-W

    Member

  • Member
  • PipPip
  • 56 posts
i think i just need to clean out the pc. it has been
a while since it has had a good cleaning. I know it is
running slower than normal. and popups are popping up.

i have posted a OTL log to show whats in he system.

i have an old Laptop D600


OTL logfile created on: 8/1/2012 6:18:53 PM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 61.42 Mb Available Physical Memory | 6.00% Memory free
1.66 Gb Paging File | 0.40 Gb Available in Paging File | 23.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.09 Gb Free Space | 40.50% Space Free | Partition Type: NTFS
Drive Z: | 931.48 Gb Total Space | 860.48 Gb Free Space | 92.38% Space Free | Partition Type: NTFS

Computer Name: MEGASQUIRT | User Name: MegaSquirtNspark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 18:17:11 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL\OTL.exe
PRC - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 05:39:02 | 000,123,392 | ---- | M] () -- C:\WINDOWS\system32\fastsrch.dll
MOD - [2012/03/03 02:59:10 | 001,327,104 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype\olpdmnhx.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/19 05:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 05:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/19 05:26:34 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 02:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/15 22:53:00 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007/11/06 15:22:06 | 000,034,064 | R--- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/26 03:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
DRV - [2007/01/29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/10 23:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/21 22:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {D4286749-BDD9-4EDC-B2B6-2BBF78649F56}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D4286749-BDD9-4EDC-B2B6-2BBF78649F56}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{42227233-46C7-4529-9F95-A410B06E025B}: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\{42227233-46C7-4529-9F95-A410B06E025B} [2010/08/15 10:04:27 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/06/05 13:01:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Reg Error: Value error.) - {C53395A3-82B9-4C9D-A79E-E84C015A439F} - C:\WINDOWS\system32\fastsrch.dll ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Skype] C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype\olpdmnhx.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F658D60D-A9E9-4233-BADB-94AF9FF491C8}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 12:38:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell - "" = AutoRun
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{07105861-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = F:\umenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 05:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype
[2012/07/17 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\My Documents\VCEM
[2012/07/12 16:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\1111-1111

========== Files - Modified Within 30 Days ==========

[2012/08/01 17:54:29 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
[2012/08/01 17:49:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/01 17:38:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job
[2012/08/01 16:38:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job
[2012/08/01 16:20:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/31 05:39:02 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll
[2012/07/12 16:38:22 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
[2012/07/12 16:38:22 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/07/31 05:39:02 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2011/10/08 14:56:41 | 000,053,299 | R--- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/11/09 22:45:32 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/22 08:48:53 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsUser.properties
[2010/08/22 08:48:52 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsMS.reg
[2010/08/13 19:20:23 | 000,002,908 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\mlvUser.properties
[2010/08/06 18:10:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/05 18:38:16 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/05/21 21:16:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache
[2010/02/25 07:15:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/17 13:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2009/07/17 13:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
[2009/02/27 23:24:57 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\.recently-used.xbel

========== LOP Check ==========

[2008/04/22 17:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Aironet
[2011/07/21 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/10 21:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/16 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/07/03 19:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\gtk-2.0
[2011/10/08 15:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Leadertech
[2012/03/02 20:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\redsn0w
[2012/05/23 22:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify
[2009/05/10 17:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Desktop Search
[2009/06/05 21:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Search
[2012/08/01 17:54:29 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

Advertisements

#2
I-W
Posted 01 August 2012 - 06:48 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
on a side note, when i close IExplore there are 2 processes
of IEXPLORE.EXE still running in the Windows task manager.
there is nothing open at all.

possible google redirector issues?
  • 0

#3
I-W
Posted 02 August 2012 - 07:07 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
can some one please take a look. i need to get this resolved.

Thanks for your time.
  • 0

#4
I-W
Posted 04 August 2012 - 06:09 AM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTM\cmd.bat deleted successfully.
C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTM\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MegaSquirtNspark
->Temp folder emptied: 206345 bytes
->Temporary Internet Files folder emptied: 1531782610 bytes
->Java cache emptied: 1727569 bytes
->Google Chrome cache emptied: 267637720 bytes
->Flash cache emptied: 14659 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,718.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: MegaSquirtNspark
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08042012_073354

Files moved on Reboot...
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XXNNIERU\BebasNeue-webfont[1].eot not found!
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XXNNIERU\fpi[2].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XXNNIERU\fpi[3].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XUI0N65G\engine[1].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XUI0N65G\pixel[1].htm moved successfully.
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XUI0N65G\xd_arbiter[1].htm not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XTH4NH0U\cms-2-frame[1].htm not found!
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\XTH4NH0U\pixel[1].htm moved successfully.
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\WJLXLTQE\si[1].htm not found!
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\SDNM4JD5\pixel[1].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\SDNM4JD5\rubicon_sync[1].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\PUDJ7HFX\engine[1].htm moved successfully.
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\PLTD3W65\incite_160x600[1].html not found!
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\PLTD3W65\pixel[4].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\PLTD3W65\pixel[5].htm moved successfully.
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\P8P9FJCL\ads[1].htm not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\LXX6CCOT\beacon[2].htm not found!
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\LXX6CCOT\pixel[1].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\LPHS28FR\ddc[1].htm moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\LPHS28FR\ddc[2].htm moved successfully.
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temporary Internet Files\Content.IE5\LPHS28FR\xd_arbiter[1].htm not found!

Registry entries deleted on Reboot...
  • 0

#5
I-W
Posted 06 August 2012 - 06:18 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
hello please i could use some help!

Thanks.
  • 0

#6
I-W
Posted 07 August 2012 - 09:36 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
i hope i didnt post this in the wrong place.

Edited by I-W, 07 August 2012 - 09:38 PM.

  • 0

#7
I-W
Posted 09 August 2012 - 06:20 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
TTT
  • 0

#8
Gammo
Posted 13 August 2012 - 07:31 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
If you don't receive help within 3 days in the future, please follow these instructions: http://www.geekstogo...t-getting-help/ instead of replying to your own topic (bumping). :thumbsup:




Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#9
I-W
Posted 13 August 2012 - 06:40 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thanks for the help. I have made a post in the "Waiting Room" i am sorry for not following the rules. I have had great success here and want to thank you all for the help.

I-W

Edited by I-W, 13 August 2012 - 06:41 PM.

  • 0

#10
Gammo
Posted 14 August 2012 - 08:11 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

  • 0

Advertisements

#11
I-W
Posted 15 August 2012 - 05:02 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OTL logfile created on: 8/15/2012 6:21:33 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 673.43 Mb Available Physical Memory | 65.81% Memory free
1.66 Gb Paging File | 1.38 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.38 Gb Free Space | 43.96% Space Free | Partition Type: NTFS

Computer Name: MEGASQUIRT | User Name: MegaSquirtNspark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 18:20:35 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL\OTL.exe
PRC - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/03 02:59:10 | 001,327,104 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype\olpdmnhx.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/19 05:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 05:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/19 05:26:34 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 02:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/15 22:53:00 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007/11/06 15:22:06 | 000,034,064 | R--- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/26 03:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
DRV - [2007/01/29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/10 23:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/21 22:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-515967899-746137067-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-515967899-746137067-1060284298-1003\..\SearchScopes,DefaultScope = {D4286749-BDD9-4EDC-B2B6-2BBF78649F56}
IE - HKU\S-1-5-21-515967899-746137067-1060284298-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-515967899-746137067-1060284298-1003\..\SearchScopes\{D4286749-BDD9-4EDC-B2B6-2BBF78649F56}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/04 07:33:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Reg Error: Value error.) - {C53395A3-82B9-4C9D-A79E-E84C015A439F} - C:\WINDOWS\system32\fastsrch.dll ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-515967899-746137067-1060284298-1003..\Run: [Skype] C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype\olpdmnhx.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-746137067-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-515967899-746137067-1060284298-1003\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F658D60D-A9E9-4233-BADB-94AF9FF491C8}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-515967899-746137067-1060284298-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 12:38:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell - "" = AutoRun
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{07105861-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = F:\umenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 08:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\GooredFix Backups
[2012/08/04 07:33:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/31 05:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype
[2012/07/17 20:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\My Documents\VCEM

========== Files - Modified Within 30 Days ==========

[2012/08/15 17:38:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job
[2012/08/15 16:43:52 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
[2012/08/15 16:43:52 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/15 16:38:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job
[2012/08/15 15:59:47 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
[2012/08/15 15:55:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/15 15:55:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/04 07:33:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/01 18:54:07 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/31 05:39:02 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll

========== Files Created - No Company Name ==========

[2012/07/31 05:39:02 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2011/10/08 14:56:41 | 000,053,299 | R--- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/11/09 22:45:32 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/22 08:48:53 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsUser.properties
[2010/08/22 08:48:52 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsMS.reg
[2010/08/13 19:20:23 | 000,002,908 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\mlvUser.properties
[2010/05/21 21:16:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache
[2010/02/25 07:15:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/17 13:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2009/07/17 13:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
[2009/02/27 23:24:57 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\.recently-used.xbel

========== LOP Check ==========

[2010/01/27 19:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2008/04/22 17:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Aironet
[2011/07/21 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/10 21:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/16 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/07/03 19:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\gtk-2.0
[2011/10/08 15:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Leadertech
[2012/03/02 20:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\redsn0w
[2012/05/23 22:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify
[2009/05/10 17:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Desktop Search
[2009/06/05 21:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Search
[2012/08/15 15:59:47 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#12
I-W
Posted 15 August 2012 - 05:03 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OTL Extras logfile created on: 8/15/2012 6:21:33 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 673.43 Mb Available Physical Memory | 65.81% Memory free
1.66 Gb Paging File | 1.38 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.38 Gb Free Space | 43.96% Space Free | Partition Type: NTFS

Computer Name: MEGASQUIRT | User Name: MegaSquirtNspark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16994070-EF3D-486D-9C26-5D5A76481726}_is1" = TunerStudio MS 0.999.7
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{5B34EEAF-2BD6-4323-B7C2-FB8968755ACC}" = Cisco Aironet Installation Program
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8628749E-CAD6-4FC6-B723-564C1EEBC6D7}" = MegaLogViewer
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DIYAutoTune's Tuning Software Package - MT225P3_is1" = DIYAutoTune's Tuning Software Package - MT225P3 061208
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"Logitech Vid" = Logitech Vid HD
"LogWorks" = LogWorks
"LogWorks3" = LogWorks3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTunix_is1" = MegaTunix v. 0.9.17-win2K_XP
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ST6UNST #1" = MSTweak3000
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-746137067-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2012 10:02:19 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x00067978.

Error - 6/23/2012 10:53:53 AM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x00067978.

Error - 6/23/2012 10:58:38 AM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x00067978.

Error - 6/23/2012 11:02:08 AM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x00067978.

Error - 6/25/2012 4:43:09 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2012 5:48:44 AM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2012 8:36:36 AM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x000a755f.

Error - 8/7/2012 11:33:40 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x039b01e1.

Error - 8/9/2012 8:19:26 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x000a755f.

Error - 8/11/2012 3:10:03 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x000a755f.

[ System Events ]
Error - 7/24/2012 5:49:03 AM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 7/24/2012 5:49:10 AM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 8/4/2012 7:33:55 AM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/4/2012 7:33:55 AM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly. It has done this 1
time(s).


< End of report >
  • 0

#13
Gammo
Posted 15 August 2012 - 05:35 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O2 - BHO: (Reg Error: Value error.) - {C53395A3-82B9-4C9D-A79E-E84C015A439F} - C:\WINDOWS\system32\fastsrch.dll ()
O4 - HKU\S-1-5-21-515967899-746137067-1060284298-1003..\Run: [Skype] C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype\olpdmnhx.dll ()
O20 - HKU\S-1-5-21-515967899-746137067-1060284298-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2012/07/31 05:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype
[2012/07/31 05:39:02 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.





Please also tell me how your PC is running now. :thumbsup:
  • 0

#14
I-W
Posted 16 August 2012 - 05:13 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C53395A3-82B9-4C9D-A79E-E84C015A439F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53395A3-82B9-4C9D-A79E-E84C015A439F}\ deleted successfully.
C:\WINDOWS\system32\fastsrch.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype\olpdmnhx.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-515967899-746137067-1060284298-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
C:\WINDOWS\explorer.exe moved successfully.
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Skype folder moved successfully.
File C:\WINDOWS\System32\fastsrch.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MegaSquirtNspark
->Temp folder emptied: 514374 bytes
->Temporary Internet Files folder emptied: 284364654 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 9867915 bytes
->Flash cache emptied: 1350 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 281.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: MegaSquirtNspark
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_194525

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3CFC.tmp not found!
File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3D09.tmp not found!
File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3D63.tmp not found!
File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3D70.tmp not found!
File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3DAD.tmp not found!
File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3DBA.tmp not found!

PendingFileRenameOperations files...
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3CFC.tmp not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3D09.tmp not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3D63.tmp not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3D70.tmp not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3DAD.tmp not found!
File C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\~DF3DBA.tmp not found!

Registry entries deleted on Reboot...
  • 0

#15
I-W
Posted 16 August 2012 - 05:50 PM

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MegaSquirtNspark :: MEGASQUIRT [administrator]

8/16/2012 7:22:48 PM
mbam-log-2012-08-16 (19-22-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195622
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\ldo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP