Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help ! [Solved]


  • This topic is locked This topic is locked

#1
fastfred28

fastfred28

    New Member

  • Member
  • Pip
  • 3 posts
When trying to open google chrome i get startnow.com in my search bar and it wont open chrome I get an error that says startnow cant be found i have ran otl here is the log. Please help me!
OTL logfile created on: 9/26/2012 7:44:25 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = M:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 97.65 Mb Available Physical Memory | 19.15% Memory free
1.09 Gb Paging File | 0.69 Gb Available in Paging File | 62.89% Paging File free
Paging file location(s): C:\pagefile.sys 640 640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\
Drive C: | 6.01 Gb Total Space | 2.51 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
Drive F: | 976.13 Mb Total Space | 412.45 Mb Free Space | 42.25% Space Free | Partition Type: FAT
Drive M: | 100.00 Gb Total Space | 98.23 Gb Free Space | 98.23% Space Free | Partition Type: NTFS
Drive P: | 40.00 Gb Total Space | 38.69 Gb Free Space | 96.71% Space Free | Partition Type: NTFS

Computer Name: DIMENSIONB110 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 19:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- M:\Downloads\OTL.exe
PRC - [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- P:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- P:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- P:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/04 00:28:07 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- P:\Lexmark 3600-4600 Series\ezprint.exe
PRC - [2010/02/04 00:27:55 | 000,672,424 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2009/10/16 12:10:34 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- P:\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2006/10/05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 04:42:58 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 04:42:57 | 012,278,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 04:42:55 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 04:41:27 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 04:41:26 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 04:41:24 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2010/02/04 00:27:55 | 000,672,424 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2010/02/03 23:41:38 | 000,081,920 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2010/02/03 23:41:23 | 000,380,928 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2010/02/03 23:41:20 | 000,782,336 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2010/02/03 23:39:11 | 000,364,544 | ---- | M] () -- P:\Lexmark 3600-4600 Series\iptk.dll
MOD - [2010/02/03 23:28:27 | 000,589,824 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2010/02/03 23:28:15 | 000,069,632 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2009/10/16 12:12:44 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
MOD - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/08/19 08:06:21 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdxcaps.dll
MOD - [2009/08/19 08:06:11 | 000,782,336 | ---- | M] () -- C:\WINDOWS\system32\lxdxdrs.dll
MOD - [2009/08/19 08:00:12 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdxcnv4.dll
MOD - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/09/06 04:11:34 | 000,151,552 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxptp.dll
MOD - [2006/10/05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- P:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- P:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/16 12:10:34 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/10/16 12:00:50 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- P:\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/08/24 02:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/26 19:28:14 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR311.SYS -- (SMR311)
DRV - [2012/09/26 14:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2006/09/07 16:19:24 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rccrawler/forum.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-26 18:29:33&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
IE - HKCU\..\SearchScopes\{EB7DB293-EF0E-1B68-3751-120934CB891A}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: P:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://search.startn...ion=5.1-x86-SP3
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg....q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - homepage: http://search.startn...ion=5.1-x86-SP3
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = P:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/07/29 07:00:00 | 000,442,025 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 .impresionesweb.com
O1 - Hosts: 127.0.0.1 .banners.publipagos.com
O1 - Hosts: 127.0.0.1 .publipagos.com
O1 - Hosts: 127.0.0.1 v3.publipagos.com
O1 - Hosts: 127.0.0.1 red.as-eu.falkag.net
O1 - Hosts: 127.0.0.1 .googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead1.googlesyndication.com
O1 - Hosts: 127.0.0.1 morannon.fok.nl
O1 - Hosts: 127.0.0.1 ad.firstadsolution.com
O1 - Hosts: 127.0.0.1 .clicktorrent.info
O1 - Hosts: 127.0.0.1 .75tz.com
O1 - Hosts: 127.0.0.1 .aavc.com
O1 - Hosts: 127.0.0.1 .acjp.com
O1 - Hosts: 127.0.0.1 .count.cc
O1 - Hosts: 127.0.0.1 .ebav.com
O1 - Hosts: 127.0.0.1 .ebaw.com
O1 - Hosts: 127.0.0.1 .ebch.com
O1 - Hosts: 127.0.0.1 .ebdv.com
O1 - Hosts: 127.0.0.1 .ebdw.com
O1 - Hosts: 127.0.0.1 .ebgo.com
O1 - Hosts: 127.0.0.1 .ebjp.com
O1 - Hosts: 127.0.0.1 .ebkb.com
O1 - Hosts: 127.0.0.1 .ebkn.com
O1 - Hosts: 14783 more lines...
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - P:\xfin_portal\comcastdx.dll ()
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - P:\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - P:\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - P:\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - P:\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - P:\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [EzPrint] P:\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdxmon.exe] P:\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "P:\\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "P:\\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "P:\\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKCU..\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO File not found
O4 - HKCU..\Run: [ComcastAntispyClient] P:\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [StartNow Search Protect] "P:\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{361C16EB-6685-42F1-BDAA-D7B643CA0539}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/21 21:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 19:28:14 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2012/09/26 18:37:46 | 000,000,000 | -HSD | C] -- P:\Config.Msi
[2012/09/26 18:33:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/09/26 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2012/09/26 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/09/26 14:47:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/26 14:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/09/26 14:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/26 14:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/26 14:45:37 | 000,000,000 | ---D | C] -- P:\Malwarebytes' Anti-Malware
[2012/09/20 15:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/09/18 19:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\StartNow
[2012/09/11 09:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/04 07:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/26 19:44:11 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2012/09/26 19:28:16 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\SMR311.dat
[2012/09/26 19:28:14 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2012/09/26 19:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/26 18:52:06 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2012/09/26 18:16:24 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2012/09/26 18:05:30 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/26 18:05:29 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/09/26 14:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/26 14:45:40 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 16:51:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/20 15:07:36 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/26 19:44:11 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2012/09/26 19:28:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR311.dat
[2012/09/26 14:45:40 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 15:07:36 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/27 18:14:18 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 16:19:19 | 000,003,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/04/28 16:19:19 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D071F5C676.sys
[2011/04/27 17:29:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2011/04/27 17:29:10 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2011/04/27 17:28:56 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2011/04/27 17:28:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2011/04/27 17:28:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2011/04/27 17:28:30 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2011/04/27 17:28:30 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2011/04/27 17:28:30 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2011/04/27 17:28:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2011/04/27 17:28:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2011/04/27 17:28:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2011/04/27 17:28:30 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2011/04/27 17:28:29 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2011/04/27 17:28:29 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2011/04/27 17:28:29 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2011/04/27 17:28:29 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoms.exe
[2011/04/27 17:28:29 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2011/04/27 17:28:29 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2011/04/27 17:28:29 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcfg.exe
[2011/04/27 17:28:29 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxih.exe
[2011/04/27 17:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2010/09/23 17:38:34 | 069,706,877 | ---- | C] () -- P:\Nero Express 9.exe
[2010/09/21 21:05:50 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== ZeroAccess Check ==========

[2010/09/21 21:03:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 02:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello fastfred28,

Welcome to Geekstogo.

Now

Download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

Next

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

After that

  • Close all windows and open OTL again.
  • under the Extra Registry heading please check Use SafeList
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    /md5start
    services.*
    wbemess.dill
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
So when you return please post
  • AdwCleaner log
  • aswMBR.log
  • OTL.txt and Extras.txt

  • 0

#3
fastfred28

fastfred28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ok I did what you listed here are the results.

# AdwCleaner v2.003 - Logfile created 09/26/2012 at 21:15:12
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DIMENSIONB110
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall.exe
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : P:\\Ask.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.rccrawler/forum.com --> hxxp://www.google.com

-\\ Google Chrome v22.0.1229.79

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=974C81EAEDFB401DB8FBC86759B1402F&machine_id=5fa59d49ff8dd4f8ef6cb0e16cbb9cb8&browser=CR&os=win&os_version=5.1-x86-SP3",
Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=974C81EAEDFB401DB8FBC86759B1402F&machine_id=5fa59d49ff8dd4f8ef6cb0e16cbb9cb8&browser=CR&os=win&os_version=5.1-x86-SP3" ]
Deleted [l.62] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.65] : keyword = "isearch.avg.com",
Deleted [l.68] : search_url = "hxxps://isearch.avg.com/search?cid={68EEB427-099C-41DF-B085-14801CFE26C6}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",
Deleted [l.1246] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=974C81EAEDFB401DB8FBC86759B1402F&machine_id=5fa59d49ff8dd4f8ef6cb0e16cbb9cb8&browser=CR&os=win&os_version=5.1-x86-SP3",
Deleted [l.1483] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=974C81EAEDFB401DB8FBC86759B1402F&machine_id=5fa59d49ff8dd4f8ef6cb0e16cbb9cb8&browser=CR&os=win&os_version=5.1-x86-SP3" ]

*************************

AdwCleaner[S1].txt - [7030 octets] - [26/09/2012 21:15:12]

########## EOF - C:\AdwCleaner[S1].txt - [7090 octets] ##########






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 21:33:27
-----------------------------
21:33:27.625 OS Version: Windows 5.1.2600 Service Pack 3
21:33:27.625 Number of processors: 1 586 0x401
21:33:27.625 ComputerName: DIMENSIONB110 UserName: Administrator
21:33:27.906 Initialize success
21:33:59.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:33:59.203 Disk 0 Vendor: WDC_WD1600JB-75GVC0 08.02D08 Size: 152587MB BusType: 3
21:33:59.203 Disk 0 MBR read successfully
21:33:59.203 Disk 0 MBR scan
21:33:59.203 Disk 0 Windows XP default MBR code
21:33:59.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 6149 MB offset 63
21:33:59.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 40962 MB offset 12594960
21:33:59.234 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102398 MB offset 96486390
21:33:59.250 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 3074 MB offset 306198900
21:33:59.265 Disk 0 scanning sectors +312496380
21:33:59.312 Disk 0 scanning C:\WINDOWS\system32\drivers
21:34:01.640 Service scanning
21:34:06.062 Modules scanning
21:34:10.578 Disk 0 trace - called modules:
21:34:11.078 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:34:11.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81f66ab8]
21:34:11.078 3 CLASSPNP.SYS[f8577fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81f60b00]
21:34:11.093 Scan finished successfully
21:35:21.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
21:35:21.718 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"



OTL logfile created on: 9/26/2012 9:39:57 PM - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = M:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 160.45 Mb Available Physical Memory | 31.46% Memory free
1.09 Gb Paging File | 0.79 Gb Available in Paging File | 71.90% Paging File free
Paging file location(s): C:\pagefile.sys 640 640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\
Drive C: | 6.01 Gb Total Space | 2.51 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive F: | 976.13 Mb Total Space | 412.45 Mb Free Space | 42.25% Space Free | Partition Type: FAT
Drive M: | 100.00 Gb Total Space | 98.23 Gb Free Space | 98.23% Space Free | Partition Type: NTFS
Drive P: | 40.00 Gb Total Space | 38.69 Gb Free Space | 96.71% Space Free | Partition Type: NTFS

Computer Name: DIMENSIONB110 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 19:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- M:\Downloads\OTL.exe
PRC - [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- P:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- P:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- P:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/04 00:28:07 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- P:\Lexmark 3600-4600 Series\ezprint.exe
PRC - [2010/02/04 00:27:55 | 000,672,424 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2009/10/16 12:10:34 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- P:\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2006/10/05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/04 00:27:55 | 000,672,424 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2010/02/03 23:41:38 | 000,081,920 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2010/02/03 23:41:23 | 000,380,928 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2010/02/03 23:41:20 | 000,782,336 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2010/02/03 23:39:11 | 000,364,544 | ---- | M] () -- P:\Lexmark 3600-4600 Series\iptk.dll
MOD - [2010/02/03 23:28:27 | 000,589,824 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2010/02/03 23:28:15 | 000,069,632 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2009/10/16 12:12:44 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
MOD - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/08/19 08:06:21 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdxcaps.dll
MOD - [2009/08/19 08:06:11 | 000,782,336 | ---- | M] () -- C:\WINDOWS\system32\lxdxdrs.dll
MOD - [2009/08/19 08:00:12 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdxcnv4.dll
MOD - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2007/09/06 04:11:34 | 000,151,552 | ---- | M] () -- P:\Lexmark 3600-4600 Series\lxdxptp.dll
MOD - [2006/10/05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- P:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- P:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/16 12:10:34 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/10/16 12:00:50 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- P:\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- P:\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/08/24 02:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/09/26 14:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2006/09/07 16:19:24 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
IE - HKCU\..\SearchScopes\{EB7DB293-EF0E-1B68-3751-120934CB891A}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: P:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg....q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = P:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006/07/29 07:00:00 | 000,442,025 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 .impresionesweb.com
O1 - Hosts: 127.0.0.1 .banners.publipagos.com
O1 - Hosts: 127.0.0.1 .publipagos.com
O1 - Hosts: 127.0.0.1 v3.publipagos.com
O1 - Hosts: 127.0.0.1 red.as-eu.falkag.net
O1 - Hosts: 127.0.0.1 .googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead1.googlesyndication.com
O1 - Hosts: 127.0.0.1 morannon.fok.nl
O1 - Hosts: 127.0.0.1 ad.firstadsolution.com
O1 - Hosts: 127.0.0.1 .clicktorrent.info
O1 - Hosts: 127.0.0.1 .75tz.com
O1 - Hosts: 127.0.0.1 .aavc.com
O1 - Hosts: 127.0.0.1 .acjp.com
O1 - Hosts: 127.0.0.1 .count.cc
O1 - Hosts: 127.0.0.1 .ebav.com
O1 - Hosts: 127.0.0.1 .ebaw.com
O1 - Hosts: 127.0.0.1 .ebch.com
O1 - Hosts: 127.0.0.1 .ebdv.com
O1 - Hosts: 127.0.0.1 .ebdw.com
O1 - Hosts: 127.0.0.1 .ebgo.com
O1 - Hosts: 127.0.0.1 .ebjp.com
O1 - Hosts: 127.0.0.1 .ebkb.com
O1 - Hosts: 127.0.0.1 .ebkn.com
O1 - Hosts: 14783 more lines...
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - P:\xfin_portal\comcastdx.dll ()
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - P:\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - P:\xfin_portal\comcastdx.dll ()
O4 - HKLM..\Run: [EzPrint] P:\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdxmon.exe] P:\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "P:\\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "P:\\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "P:\\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
O4 - HKCU..\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO File not found
O4 - HKCU..\Run: [ComcastAntispyClient] P:\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [StartNow Search Protect] "P:\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{361C16EB-6685-42F1-BDAA-D7B643CA0539}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/21 21:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 18:37:46 | 000,000,000 | -HSD | C] -- P:\Config.Msi
[2012/09/26 18:33:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/09/26 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2012/09/26 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/09/26 14:47:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/26 14:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/09/26 14:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 14:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/26 14:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/26 14:45:37 | 000,000,000 | ---D | C] -- P:\Malwarebytes' Anti-Malware
[2012/09/20 15:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/09/18 19:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\StartNow
[2012/09/11 09:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/04 07:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/26 21:35:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/09/26 21:16:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/26 21:14:34 | 000,513,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2012/09/26 19:44:11 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2012/09/26 18:52:06 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2012/09/26 18:16:24 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2012/09/26 18:05:30 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/26 18:05:29 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/09/26 14:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/26 14:45:40 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 16:51:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/20 15:07:36 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/26 21:35:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/09/26 21:14:34 | 000,513,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2012/09/26 19:44:11 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe.lnk
[2012/09/26 14:45:40 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 15:07:36 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/27 18:14:18 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 16:19:19 | 000,003,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/04/28 16:19:19 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D071F5C676.sys
[2011/04/27 17:29:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2011/04/27 17:29:10 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2011/04/27 17:28:56 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2011/04/27 17:28:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2011/04/27 17:28:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2011/04/27 17:28:30 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2011/04/27 17:28:30 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2011/04/27 17:28:30 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2011/04/27 17:28:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2011/04/27 17:28:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2011/04/27 17:28:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2011/04/27 17:28:30 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2011/04/27 17:28:29 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2011/04/27 17:28:29 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2011/04/27 17:28:29 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2011/04/27 17:28:29 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoms.exe
[2011/04/27 17:28:29 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2011/04/27 17:28:29 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2011/04/27 17:28:29 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcfg.exe
[2011/04/27 17:28:29 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxih.exe
[2011/04/27 17:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2010/09/23 17:38:34 | 069,706,877 | ---- | C] () -- P:\Nero Express 9.exe
[2010/09/21 21:05:50 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== ZeroAccess Check ==========

[2010/09/21 21:03:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 02:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/09/26 21:15:18 | 000,007,159 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2010/09/21 21:01:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/09/26 18:16:24 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2010/09/21 21:01:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/21 21:01:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/21 21:01:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 02:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/09/26 21:16:16 | 671,088,640 | -HS- | M] () -- C:\pagefile.sys
[2011/04/28 16:16:12 | 000,487,996 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 02:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2008/04/14 02:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2010/09/21 21:01:53 | 000,001,602 | ---- | M] () MD5=47F5A2A5C53D78AF9B3FA48595104790 -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 02:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = RpcSs [binary data] -- [2008/04/14 02:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< %systemroot%\System32\config\*.sav >
[2010/09/21 16:45:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/09/21 16:45:13 | 001,052,672 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/09/21 16:45:12 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2008/06/19 10:42:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2008/06/19 10:42:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2008/06/19 10:42:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/06/19 10:42:32 | 000,625,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 04:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2008/06/19 10:42:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2008/06/19 10:42:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2008/06/19 10:42:29 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/06/19 10:42:32 | 000,625,664 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< End of report >



OTL Extras logfile created on: 9/26/2012 9:39:57 PM - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = M:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 160.45 Mb Available Physical Memory | 31.46% Memory free
1.09 Gb Paging File | 0.79 Gb Available in Paging File | 71.90% Paging File free
Paging file location(s): C:\pagefile.sys 640 640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\
Drive C: | 6.01 Gb Total Space | 2.51 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive F: | 976.13 Mb Total Space | 412.45 Mb Free Space | 42.25% Space Free | Partition Type: FAT
Drive M: | 100.00 Gb Total Space | 98.23 Gb Free Space | 98.23% Space Free | Partition Type: NTFS
Drive P: | 40.00 Gb Total Space | 38.69 Gb Free Space | 96.71% Space Free | Partition Type: NTFS

Computer Name: DIMENSIONB110 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"P:\Microsoft Office\Office12\OUTLOOK.EXE" = P:\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
"C:\Documents and Settings\Administrator\Local Settings\Temp\lxdx\wireless\lxdxwpss.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\lxdx\wireless\lxdxwpss.exe:*:Enabled:
"C:\WINDOWS\system32\lxdxcfg.exe" = C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"P:\Lexmark 3600-4600 Series\lxdxmon.exe" = P:\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()
"P:\Lexmark 3600-4600 Series\lxdxlscn.exe" = P:\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled: -- ()
"P:\AVG\AVG2012\avgmfapx.exe" = P:\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2460A058-272D-498D-9A5E-E6F7492DAABC}" = Corel DVD Xpack
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 SP1 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Easy PDF Reader" = Easy PDF Reader 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Photo Zoom Pro_is1" = Photo Zoom Pro 2.2.6
"Unlocker" = Unlocker 1.8.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Sidebar" = Windows Sidebar
"WinRAR archiver" = WinRAR archiver
"xfin_portal" = XFINITY Toolbar
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2012 10:37:36 AM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/7/2012 7:01:15 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/8/2012 7:26:22 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/9/2012 3:22:15 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/15/2012 9:39:28 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/17/2012 9:46:07 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/18/2012 6:28:48 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/21/2012 7:17:22 AM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/22/2012 4:58:58 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

Error - 5/23/2012 9:10:08 PM | Computer Name = DIMENSIONB110 | Source = AntiSpywareService | ID = 0
Description =

[ System Events ]
Error - 7/25/2011 11:41:45 AM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/25/2011 11:41:45 AM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/25/2011 11:41:45 AM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 7/25/2011 5:15:42 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/25/2011 5:15:42 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 7/25/2011 5:15:42 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/25/2011 5:15:42 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/9/2011 10:28:20 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/9/2011 10:28:20 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/9/2011 10:28:20 PM | Computer Name = DIMENSIONB110 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)


< End of report >
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again fastfred28,

Looking pretty good to me. Let's see if we have missed anything and when you come back tell me how your machine is.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#5
fastfred28

fastfred28

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
computer seems to be back to normal.running great actually. Thanks for the great help!

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ecd7f8343474b4589811e89c0450a13
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-30 12:29:28
# local_time=2012-09-30 07:29:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=23012
# found=2
# cleaned=2
# scan_time=1204
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2F9A6093\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cmdow.exe Win32/CMDOW.143 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again fastfred28,

I think your machine is clean. :thumbsup:

We have a couple of last steps to perform and then you're all set.Posted Image

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]
    [resethosts]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Step 2

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Step 3

We need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Chrome may be downloaded from here . One of the most used nowadays.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

NoSript by Giorgio Maone is another one to add to your protection.

No scripts is an excellant security device. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

Further, sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP