
Acer Aspire runs very slow [Solved]



#1
ocsum
Member, 31 posts
Hi, new to forum,
I'm having lots of trouble when searching for files and internet searches, as the PC runs so slow that I get a "Not Responding" error on most web pages. Any documents I search are painfully slow even without being on the net.
Looking at the Task Manager, the CPU usage sometimes is high (60% ish) but most times it's low (15-30%).
Please help. I'm OK with a computer, but please be patient/gentle if I've made a mistake somewhere.
Thank you in advance
Pete

I downloaded OTL and ran a Quick Scan. This is the log:

OTL logfile created on: 25/01/2013 7:50:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyndee1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

447.48 Mb Total Physical Memory | 98.30 Mb Available Physical Memory | 21.97% Memory free
1.03 Gb Paging File | 0.56 Gb Available in Paging File | 54.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.25 Gb Total Space | 53.23 Gb Free Space | 73.67% Space Free | Partition Type: NTFS
Drive D: | 73.31 Gb Total Space | 27.55 Gb Free Space | 37.59% Space Free | Partition Type: FAT32

Computer Name: ACER | User Name: lyndee1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 19:49:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyndee1\Desktop\OTL.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/03 09:34:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/06/10 05:24:18 | 000,110,592 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eMode Management\AspireService.exe
PRC - [2006/05/05 07:53:36 | 000,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
PRC - [2006/04/29 09:43:34 | 000,401,408 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/04/19 12:54:50 | 000,049,152 | ---- | M] ( ) -- C:\WINDOWS\system32\SysMonitor.exe
PRC - [2006/03/30 14:50:52 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
PRC - [2006/03/30 14:50:50 | 000,266,338 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
PRC - [2006/03/30 14:50:26 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer TV-FM\PCMService.exe
PRC - [2006/03/30 14:50:20 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006/03/30 13:53:34 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/14 17:55:52 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b2ef9143\mscorlib.dll
MOD - [2013/01/14 17:55:48 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c3d8174f\system.drawing.dll
MOD - [2013/01/14 17:55:27 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d5c6a12f\system.windows.forms.dll
MOD - [2013/01/14 17:55:02 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_12a8b23a\system.dll
MOD - [2013/01/14 17:46:41 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/14 17:46:40 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/14 17:46:38 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 14:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/01/16 22:23:35 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2008/01/16 22:23:33 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2006/05/05 07:50:54 | 000,151,552 | ---- | M] () -- C:\Program Files\Acer\Acer eConsole\MediaUtil.dll
MOD - [2006/05/05 07:47:50 | 000,737,280 | ---- | M] () -- C:\Program Files\Acer\Acer eConsole\log4cxx.dll
MOD - [2006/05/02 18:11:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/03/30 14:50:52 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
MOD - [2006/03/30 14:50:50 | 000,266,338 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
MOD - [2006/03/30 14:50:42 | 000,225,384 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapEngine.dll
MOD - [2006/03/30 14:50:42 | 000,065,634 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSchMgr.dll
MOD - [2006/03/30 14:50:42 | 000,032,768 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvcps.dll
MOD - [2006/03/30 14:50:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSchedps.dll
MOD - [2006/01/13 02:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/20 07:23:11 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/06/03 09:34:50 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/05 07:53:36 | 000,438,272 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server)
SRV - [2006/03/30 14:50:52 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006/03/30 14:50:50 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006/03/30 14:50:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006/03/30 13:53:34 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SSNDIS5.sys -- (SSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/18 10:42:12 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/07 16:50:02 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2008/06/04 15:11:36 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/06 15:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/06/30 03:21:38 | 000,258,560 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/06/29 20:27:00 | 000,016,768 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2006/06/14 18:34:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/05/16 12:04:00 | 000,892,032 | ---- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVHybrid.sys -- (LVHybrid)
DRV - [2006/01/31 09:06:14 | 000,299,715 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2006/01/31 09:05:26 | 000,138,816 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2006/01/31 09:05:00 | 000,011,970 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2005/11/30 12:21:29 | 000,028,857 | ---- | M] (Siemens Subscriber Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2005/10/29 04:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)
DRV - [2005/10/05 08:38:24 | 000,280,064 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)
DRV - [2005/08/19 06:31:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/06/06 19:43:04 | 000,925,192 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/02/24 07:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/14 07:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/10/26 06:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/04 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/19 15:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/01/29 18:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyndee1\Application Data\Mozilla\Extensions
[2010/01/29 18:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyndee1\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2004/08/04 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Updater For My.Freeze.com Toolbar) - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll File not found
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer TV-FM\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341990030828 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C54A949C-A5FF-41B8-98A9-04DC560FD932}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lyndee1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lyndee1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/20 14:17:16 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 19:49:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lyndee1\Desktop\OTL.exe
[2013/01/12 17:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/12 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Navman
[2013/01/12 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2013/01/12 17:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3GainPRO
[2013/01/12 17:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013/01/12 17:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2013/01/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2013/01/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2013/01/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
[2013/01/12 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2013/01/12 17:43:26 | 000,000,000 | ---D | C] -- C:\etax2009
[2013/01/12 17:43:26 | 000,000,000 | ---D | C] -- C:\etax2008
[2013/01/11 16:14:10 | 000,000,000 | ---D | C] -- C:\8c57bf8a889d0dfd3c9c35ec72
[2013/01/09 15:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\Leadertech
[2013/01/08 21:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\vlc
[2013/01/08 21:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\AppData
[2013/01/08 21:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\ilividtoolbarguid
[2013/01/08 21:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
[2013/01/07 21:56:33 | 000,000,000 | ---D | C] -- C:\TQWCD
[2013/01/04 16:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/01/01 13:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\HandBrake
[2013/01/01 11:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\MPEG Streamclip
[2012/12/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\tiger-k
[2012/12/30 20:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\Leawo
[2012/12/30 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\avidemux
[2012/12/30 16:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\TuneUp Software
[2012/12/30 16:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/12/30 16:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\AnvSoft
[2012/06/07 18:02:25 | 006,955,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011/05/18 19:36:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\lyndee1\Application Data\pcouffin.sys
[2004/10/11 19:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 14:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 13:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 13:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 12:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 12:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 11:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 11:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 11:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 11:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 11:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 11:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 11:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 11:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 11:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 11:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 11:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 11:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 11:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 11:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 11:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 11:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 11:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 04:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/18 23:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/25 19:49:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyndee1\Desktop\OTL.exe
[2013/01/25 19:15:49 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/01/25 19:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/25 18:39:39 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F3AD2B9-F968-4C76-9068-B46A1B5ACB8F}.job
[2013/01/25 17:26:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/25 17:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/24 21:49:49 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Optus myZOO - Webmail (2).url
[2013/01/24 15:29:52 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Google.url
[2013/01/22 17:22:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/01/21 10:29:19 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Optus myZOO - Webmail.url
[2013/01/14 17:54:33 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/14 17:45:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/14 17:20:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/14 16:21:49 | 000,476,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/14 16:21:49 | 000,085,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/13 14:19:59 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F3AD2B9-F968-4C76-9068-B46A1B5ACB8F}.job
[2013/01/12 18:08:42 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/19 21:29:54 | 000,000,003 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rrn.dat
[2012/09/01 19:21:54 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/15 15:22:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/07 19:27:13 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\lp3codec32win.dll
[2011/05/18 19:36:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\inst.exe
[2011/05/18 19:36:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\pcouffin.cat
[2011/05/18 19:36:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\pcouffin.inf
[2011/05/18 19:34:05 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\vso_ts_preview.xml
[2011/03/29 19:37:56 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/03/29 19:37:56 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/03/29 19:37:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\$_hpcst$.hpc
[2011/03/02 17:29:08 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/22 21:10:14 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\lyndee1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/31 16:37:04 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\lyndee1\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/10/20 14:22:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 10:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 10:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/29 16:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1738A
[2010/12/13 18:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2E261
[2011/06/05 19:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\312DE
[2012/09/18 18:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/07/11 21:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/01/09 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/06/10 17:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/08 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/08/17 22:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eConsole
[2010/08/05 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/12/09 18:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/08/03 19:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price
[2012/12/20 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2009/07/23 07:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/04/10 17:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2011/03/29 19:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/18 18:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2012/09/01 20:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2012/07/12 09:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/02/22 19:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/30 16:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/08 11:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/06/16 11:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/01/07 20:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 19:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/12/30 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\AnvSoft
[2013/01/12 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\avidemux
[2012/07/11 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Babylon
[2011/01/09 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Canneverbe Limited
[2009/12/09 17:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\DriverCure
[2012/10/14 17:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\ElevatedDiagnostics
[2008/06/17 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\EPSON
[2010/08/14 13:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Fisher-Price
[2011/05/18 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\FreeAudioPack
[2010/08/05 18:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\FreeFileViewer
[2011/06/06 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\FreeVideoConverter
[2011/06/06 16:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\FrostWire
[2010/12/24 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\GetRightToGo
[2013/01/12 17:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\HandBrake
[2010/12/24 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\iJoysoft
[2013/01/12 17:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\ilividtoolbarguid
[2011/06/05 20:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\imeshbandmltbpi
[2009/09/11 20:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\iShell
[2013/01/09 15:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Leadertech
[2012/12/30 20:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Leawo
[2011/06/06 21:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\mediabarim
[2013/01/01 11:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\MPEG Streamclip
[2011/06/01 16:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\myfreezetoolbar
[2013/01/12 17:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\OpenCandy
[2011/03/29 19:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\PC Suite
[2011/06/06 20:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\RegistryKeys
[2011/03/29 19:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Samsung
[2013/01/12 17:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\tiger-k
[2012/12/30 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\TuneUp Software
[2011/05/18 19:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lyndee1\Application Data\Vso

========== Purity Check ==========



< End of report >

Edited by ocsum, 25 January 2013 - 05:08 AM.

  • 0


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Create a System Restore point:

  • Click on Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like GTG Backup for example then press the Create button and once it's done click on Close
Next:

Let me know when you have completed the above and/or if any problems were encountered. Also there should be another log created by OTL when you ran it on the desktop, called extras.txt.

Post the contents of the aforementioned log in your next reply also and we will then go from there, thank you.
  • 0

#3
ocsum

ocsum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Dakeyras and thank you for your time.
I've done the back up of the registry and this is the OTL extras.txt log

OTL Extras logfile created on: 26/01/2013 10:52:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyndee1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

447.48 Mb Total Physical Memory | 135.80 Mb Available Physical Memory | 30.35% Memory free
1.03 Gb Paging File | 0.63 Gb Available in Paging File | 60.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.25 Gb Total Space | 53.23 Gb Free Space | 73.67% Space Free | Partition Type: NTFS
Drive D: | 73.31 Gb Total Space | 27.55 Gb Free Space | 37.59% Space Free | Partition Type: FAT32

Computer Name: ACER | User Name: lyndee1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe" = C:\Program Files\Acer\Acer eConsole\MediaSync.exe:*:Enabled:Media Synchronizer -- (Acer Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Acer\Acer eConsole\eConsole.exe" = C:\Program Files\Acer\Acer eConsole\eConsole.exe:*:Enabled:eConsole -- (Acer Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\LMQP4MOC\solutoinstaller12[1].exe" = C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\LMQP4MOC\solutoinstaller12[1].exe:*:Enabled:SolutoInstaller


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 35
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}" = Acer eMode Management
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA110D11-7F62-4FE9-91B4-57ED480C1C9F}" = Picture Organiser
"{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}" = Acer eConsole
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"EfntSSDSL" = Siemens Subscriber Networks SpeedStream DSL
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESCX3900 User's Guide" = ESCX3900 User's Guide
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

Error encountered while reading event logs.

< End of report >


Cheers
Pete
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

thank you for your time

You're welcome.

I've done the back up of the registry

Good, did you also create a system restore point? If not, do so before proceeding with the below please.

Peer to Peer Advice:

It appears BearShare, FrostWire and LimeWire are either installed and/or have been. If you have used any recently, you can be fairly confident this is a principal reason your computer became infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like BearShare, FrostWire, utorrent, Bittorrent, Azureus, Limewire and Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall/remove the aforementioned (if it is just the remnants left for all three, merely inform me and we can remove those later on). However if you opt not to... please refrain from using them for the duration of the malware removal process, thank you.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

MediaBar <-- Has undesirable/unsafe characteristics.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Scan with AdwCleaner:

Please download AdwCleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Double-click on adwcleaner.exe to launch the application.
  • Now click on the Delete tab >> follow the prompts.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Note: Temp shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Double-click on JRT.exe to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs
  • Double-click on RogueKiller.exe to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
  • Please post the contents of the RKreport.txt in your next reply.
Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • AdwCleaner Log.
  • Junkware Removal Tool Log.
  • RogueKiller Log.

  • 0
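The check behind the peer-to-peer advice in post #4, written out as an added example (not part of the original thread and not OTL's own code): it parses the "Authorized Applications List" section of an OTL Extras log and reports which enabled Windows Firewall exceptions belong to the P2P clients named in that advice. The function names are hypothetical, and the sample lines are excerpted from the log in post #3.

```python
import re

# P2P clients named in the advice in post #4 (matched case-insensitively).
P2P_NAMES = ("bearshare", "frostwire", "utorrent", "bittorrent",
             "azureus", "limewire", "vuze")

# Excerpt of the Extras log posted in #3 (firewall exception lists only).
SAMPLE_LOG = r"""
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"""

# Registry header that opens a per-profile exception list.
SECTION_RE = re.compile(
    r"^\[.*\\FirewallPolicy\\(?P<profile>\w+)\\AuthorizedApplications\\List\]$")
# "<exe path>" = <exe path>:<scope>:<status>:<display name>[ -- (<company>)]
ENTRY_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P<value>.*?)(?: -- \((?P<company>.*)\))?$')


def parse_authorized_apps(log_text):
    """Return one dict per firewall exception found in the log text."""
    entries = []
    profile = None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group("profile")
            continue
        if line.startswith("[") or line.startswith("====="):
            profile = None  # some other registry key or log section
            continue
        entry = ENTRY_RE.match(line)
        if not (profile and entry):
            continue
        path, value = entry.group("path"), entry.group("value")
        # The value repeats the path, which itself contains ':' (C:\...),
        # so strip it before splitting the remaining three fields.
        if not value.startswith(path + ":"):
            continue
        fields = value[len(path) + 1:].split(":", 2)
        if len(fields) != 3:
            continue
        scope, status, name = fields
        entries.append({"profile": profile, "path": path, "scope": scope,
                        "status": status, "name": name,
                        "company": entry.group("company")})
    return entries


def flag_p2p(entries):
    """Group enabled exceptions for known P2P clients by executable path."""
    flagged = {}
    for e in entries:
        if e["status"].lower() != "enabled":
            continue
        haystack = (e["path"] + " " + e["name"]).lower()
        if not any(name in haystack for name in P2P_NAMES):
            continue
        rec = flagged.setdefault(
            e["path"].lower(),
            {"path": e["path"], "name": e["name"], "profiles": []})
        if e["profile"] not in rec["profiles"]:
            rec["profiles"].append(e["profile"])
    return flagged


if __name__ == "__main__":
    for rec in flag_p2p(parse_authorized_apps(SAMPLE_LOG)).values():
        print(f'{rec["name"]:<10} {", ".join(rec["profiles"]):<32} {rec["path"]}')
```

An exception entry only shows that the program was allowed through the firewall at some point; as the post notes, the program itself may already be gone and only remnants remain.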

#5
ocsum

ocsum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Good, did you also create a system restore point ?

Yes, after I ran the ERUNT program from your first post.

I ran the AdwCleaner.EXE, JRT.EXE and RogueKiller.EXE, but I have a question: on the RogueKiller program it did the scan and found 10 items in the registry tab. It asks "please look at the different tabs and delete items with the buttons".
Should I delete? I'm not sure.

The AdwCleaner, JRT and RogueKiller logs

# AdwCleaner v2.109 - Logfile created 01/28/2013 at 09:08:29
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : lyndee1 - ACER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\lyndee1\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\DOCUME~1\lyndee1\LOCALS~1\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\lyndee1\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\lyndee1\Application Data\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\lyndee1\Application Data\imeshbandmltbpi
Folder Deleted : C:\Documents and Settings\lyndee1\Application Data\mediabarim
Folder Deleted : C:\Documents and Settings\lyndee1\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\lyndee1\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Program Files\search results toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=2d87efbd-0cd1-489d-8bde-b57d8bc3171e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=2d87efbd-0cd1-489d-8bde-b57d8bc3171e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=2d87efbd-0cd1-489d-8bde-b57d8bc3171e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [10912 octets] - [28/01/2013 09:08:29]

########## EOF - C:\AdwCleaner[S1].txt - [10973 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Microsoft Windows XP x86
Ran by lyndee1 on Mon 28/01/2013 at 9:20:30.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0bd6f992-62ad-47f7-aca6-299729be4e2b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\w3i"
Successfully deleted: [Folder] "C:\Documents and Settings\lyndee1\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\lyndee1\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 28/01/2013 at 9:27:00.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : lyndee1 [Admin rights]
Mode : Scan -- Date : 01/28/2013 09:34:27
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus CX3900 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\DOCUME~1\lyndee1\LOCALS~1\Temp\E_S1C4.tmp" /EF "HKCU") -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Run : SiSPower (Rundll32.exe SiSPower.dll,ModeAgent) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : EPSON Stylus CX3900 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S147.tmp" /EF "HKLM") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4038266451-457648012-2459450891-1006[...]\Run : EPSON Stylus CX3900 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\DOCUME~1\lyndee1\LOCALS~1\Temp\E_S1C4.tmp" /EF "HKCU") -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721616PLA380 +++++
--- User ---
[MBR] dc534a15c2dce51ce9ac04af4e887d4d
[BSP] 0c68bea6a283c7da1b9b987ab07afb1f : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16370235 | Size: 73986 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 167895315 | Size: 75085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01282013_02d0934.txt >>
RKreport[1]_S_01282013_02d0934.txt



Cheers
Pete
#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Yes, after I ran the ERUNT program from your first post.

Acknowledged.

I have a question: on the RogueKiller program it did the scan and found 10 items in the registry tab. It asks "please look at the different tabs and delete items with the buttons".
Should I delete? I'm not sure.

We will address those shortly; the reason I advised RogueKiller to be run in scan mode only was so I could review the output first before deciding on the appropriate course of action etc.

Now some unnecessary start-up items have been flagged by RogueKiller, relating to your Epson printer and the SiS software. Removing these will improve overall performance a tad. However, if you wish to keep them, do not select the below after rescanning with RogueKiller/before clicking on the Delete tab etc:-

[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus CX3900 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\DOCUME~1\lyndee1\LOCALS~1\Temp\E_S1C4.tmp" /EF "HKCU") -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Run : SiSPower (Rundll32.exe SiSPower.dll,ModeAgent) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : EPSON Stylus CX3900 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S147.tmp" /EF "HKLM") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4038266451-457648012-2459450891-1006[...]\Run : EPSON Stylus CX3900 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\DOCUME~1\lyndee1\LOCALS~1\Temp\E_S1C4.tmp" /EF "HKCU") -> FOUND

Though opting to remove them will not affect the software, and both will still run on demand when you access/need them.

Re-scan with RogueKiller:

Run the scan again as outlined prior and it will create a new log called RKreport[2].txt. I actually have no need to review this one...

After the scan is complete, click on the Delete button, once complete click on the ShortcutsFix button.

Post the contents of both RKreport[3].txt and RKreport[4].txt in your next reply.

Re-scan with OTL:

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, one Notepad file will open.
  • Post the contents of the new OTL log in your next reply.

#7
ocsum

    Member

  • Topic Starter
  • 31 posts
Hi Dakeyras,
Here goes:

OTL logfile created on: 28/01/2013 9:19:00 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyndee1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

447.48 Mb Total Physical Memory | 145.12 Mb Available Physical Memory | 32.43% Memory free
1.03 Gb Paging File | 0.54 Gb Available in Paging File | 52.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.25 Gb Total Space | 54.77 Gb Free Space | 75.81% Space Free | Partition Type: NTFS
Drive D: | 73.31 Gb Total Space | 27.65 Gb Free Space | 37.72% Space Free | Partition Type: FAT32

Computer Name: ACER | User Name: lyndee1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\lyndee1\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\WINDOWS\system32\SysMonitor.exe ( )
PRC - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Acer TV-FM\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b2ef9143\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c3d8174f\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d5c6a12f\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_12a8b23a\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\PSIService.exe ()
MOD - C:\Program Files\Acer\Acer eConsole\MediaUtil.dll ()
MOD - C:\Program Files\Acer\Acer eConsole\log4cxx.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\it41.dll ()
MOD - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe ()
MOD - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe ()
MOD - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\Acer TV-FM\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\Acer TV-FM\Kernel\TV\CLSchedps.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\imagefile.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (Acer Media Server) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
SRV - (CLSched) -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SSNDIS5) -- System32\Drivers\SSNDIS5.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz135) -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (MpKslba3cf76c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C01992A9-D94F-475C-B510-9B19A8C70FE9}\MpKslba3cf76c.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (LVHybrid) -- C:\WINDOWS\system32\drivers\LVHybrid.sys (Animation Technologies Inc.)
DRV - (HCW88TSE) -- C:\WINDOWS\system32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\WINDOWS\system32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\WINDOWS\system32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (ENETHUSB) -- C:\WINDOWS\system32\drivers\enethusb.sys (Siemens Subscriber Networks, Inc.)
DRV - (ZD1211BU(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (ZD1211U(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (genmcmnUSB) -- C:\WINDOWS\system32\drivers\gflmouhid.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=UP50
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/01/29 18:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyndee1\Application Data\Mozilla\Extensions
[2010/01/29 18:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyndee1\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2004/08/04 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Updater For My.Freeze.com Toolbar) - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll File not found
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer TV-FM\PCMService.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341990030828 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C54A949C-A5FF-41B8-98A9-04DC560FD932}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lyndee1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lyndee1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/20 14:17:16 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 09:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Desktop\RK_Quarantine
[2013/01/28 09:20:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/28 09:17:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/28 09:16:22 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\lyndee1\Desktop\JRT.exe
[2013/01/27 22:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/01/27 22:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\erunt
[2013/01/27 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/01/27 22:03:04 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\lyndee1\Desktop\erunt-setup.exe
[2013/01/26 20:09:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/26 10:51:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lyndee1\Desktop\OTL.exe
[2013/01/12 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Navman
[2013/01/12 17:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3GainPRO
[2013/01/12 17:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013/01/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
[2013/01/12 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2013/01/12 17:43:26 | 000,000,000 | ---D | C] -- C:\etax2009
[2013/01/12 17:43:26 | 000,000,000 | ---D | C] -- C:\etax2008
[2013/01/11 16:14:10 | 000,000,000 | ---D | C] -- C:\8c57bf8a889d0dfd3c9c35ec72
[2013/01/09 15:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\Leadertech
[2013/01/08 21:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\vlc
[2013/01/08 21:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\AppData
[2013/01/07 21:56:33 | 000,000,000 | ---D | C] -- C:\TQWCD
[2013/01/04 16:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/01/01 13:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\HandBrake
[2013/01/01 11:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\MPEG Streamclip
[2012/12/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\tiger-k
[2012/12/30 20:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\Leawo
[2012/12/30 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\avidemux
[2012/12/30 16:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\TuneUp Software
[2012/12/30 16:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/12/30 16:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyndee1\Application Data\AnvSoft
[2012/06/07 18:02:25 | 006,955,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011/05/18 19:36:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\lyndee1\Application Data\pcouffin.sys
[2004/10/11 19:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 14:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 13:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 13:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 12:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 12:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 11:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 11:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 11:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 11:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 11:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 11:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 11:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 11:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 11:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 11:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 11:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 11:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 11:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 11:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 11:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 11:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 11:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 04:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/18 23:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 21:00:19 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2013/01/28 20:46:50 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F3AD2B9-F968-4C76-9068-B46A1B5ACB8F}.job
[2013/01/28 19:49:55 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/01/28 14:38:19 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Optus myZOO - Webmail (2).url
[2013/01/28 09:50:51 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Google.url
[2013/01/28 09:33:07 | 000,768,512 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\RogueKiller.exe
[2013/01/28 09:21:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/28 09:16:45 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\lyndee1\Desktop\JRT.exe
[2013/01/28 09:10:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/28 09:07:13 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\adwcleaner.exe
[2013/01/27 22:12:26 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\NTREGOPT.lnk
[2013/01/27 22:12:26 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\ERUNT.lnk
[2013/01/27 22:09:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\lyndee1\Desktop\erunt-setup.exe
[2013/01/26 10:51:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyndee1\Desktop\OTL.exe
[2013/01/26 10:48:06 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/22 17:22:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/01/21 10:29:19 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\lyndee1\Desktop\Optus myZOO - Webmail.url
[2013/01/14 17:45:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/14 17:20:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/14 16:21:49 | 000,476,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/14 16:21:49 | 000,085,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/06 15:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 09:32:59 | 000,768,512 | ---- | C] () -- C:\Documents and Settings\lyndee1\Desktop\RogueKiller.exe
[2013/01/28 09:06:46 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\lyndee1\Desktop\adwcleaner.exe
[2013/01/27 22:12:26 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\lyndee1\Desktop\NTREGOPT.lnk
[2013/01/27 22:12:26 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\lyndee1\Desktop\ERUNT.lnk
[2013/01/25 21:02:43 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\lyndee1\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2013/01/13 14:19:59 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F3AD2B9-F968-4C76-9068-B46A1B5ACB8F}.job
[2013/01/12 18:08:42 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/19 21:29:54 | 000,000,003 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\rrn.dat
[2012/09/01 19:21:54 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/15 15:22:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/07 19:27:13 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\lp3codec32win.dll
[2011/05/18 19:36:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\inst.exe
[2011/05/18 19:36:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\pcouffin.cat
[2011/05/18 19:36:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\pcouffin.inf
[2011/05/18 19:34:05 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\vso_ts_preview.xml
[2011/03/29 19:37:56 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/03/29 19:37:56 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/03/29 19:37:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\lyndee1\Application Data\$_hpcst$.hpc
[2011/03/02 17:29:08 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/22 21:10:14 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\lyndee1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/31 16:37:04 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\lyndee1\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/10/20 14:22:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 10:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 10:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


RogueKiller Report #3

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : lyndee1 [Admin rights]
Mode : Scan -- Date : 01/28/2013 21:16:06
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721616PLA380 +++++
--- User ---
[MBR] dc534a15c2dce51ce9ac04af4e887d4d
[BSP] 0c68bea6a283c7da1b9b987ab07afb1f : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16370235 | Size: 73986 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 167895315 | Size: 75085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_01282013_02d2116.txt >>
RKreport[1]_S_01282013_02d0934.txt ; RKreport[2]_D_01282013_02d2114.txt ; RKreport[3]_S_01282013_02d2116.txt

RogueKiller Report #4

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : lyndee1 [Admin rights]
Mode : Remove -- Date : 01/28/2013 21:16:19
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721616PLA380 +++++
--- User ---
[MBR] dc534a15c2dce51ce9ac04af4e887d4d
[BSP] 0c68bea6a283c7da1b9b987ab07afb1f : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16370235 | Size: 73986 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 167895315 | Size: 75085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_01282013_02d2116.txt >>
RKreport[1]_S_01282013_02d0934.txt ; RKreport[2]_D_01282013_02d2114.txt ; RKreport[3]_S_01282013_02d2116.txt ; RKreport[4]_D_01282013_02d2116.txt



RogueKiller Report #5

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : lyndee1 [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/28/2013 21:17:24
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 141 / Fail 0
My documents: Success 17 / Fail 17
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 683 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk1\DP(1)0-0+8 -- 0x2 --> Restored
[G:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
[H:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
[I:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored

Finished : << RKreport[5]_SC_01282013_02d2117.txt >>
RKreport[1]_S_01282013_02d0934.txt ; RKreport[2]_D_01282013_02d2114.txt ; RKreport[3]_S_01282013_02d2116.txt ; RKreport[4]_D_01282013_02d2116.txt ; RKreport[5]_SC_01282013_02d2117.txt

Cheers
Pete

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Let's proceed as follows, shall we...

Adobe/Java Advice:

Have you recently uninstalled Java? If so, not a problem, but if not I do advise uninstalling the following:

Java™ 6 Update 35
Java Auto Updater


I strongly advise against re-installing an updated version at present, because the software as a whole has been exploited of late and your machine could end up seriously infected. Even though this exploit has reportedly been fixed, there is still a vulnerability with the software.

Your choice if you wish to go ahead and reinstall (I will provide specific instructions later on), but as mentioned I advise against it, and for the present I do not even have anything Java related installed on my machines.

So let me know what you wish to do about this in your next reply please.

--------------

Also uninstall Adobe Reader 7.1.0, as out-of-date Adobe Reader installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update this in due course.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Updater For My.Freeze.com Toolbar) - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll File not found
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4038266451-457648012-2459450891-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)

:Files
ipconfig /flushdns /c
C:\Program Files\myfreezetoolbar

:Commands
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log-file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe

  • Double-click on the randomly named exe file then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Answer to my Java query.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.


#9
ocsum

    Member

  • Topic Starter
  • Member
  • 31 posts
Hi Dakeyras,
My computer seems to be running a bit faster, though I wonder if it's the RAM size (448MB).
The Java query: we have been having major flooding in our region, cutting roads off and property. Trying to get on the internet to find info was frustrating, so I thought to try and remove Java and Adobe to see if it would make a difference... it didn't.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35\ deleted successfully.
C:\WINDOWS\system32\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C26CD490-5F01-41E3-B150-EB29F19DA056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C26CD490-5F01-41E3-B150-EB29F19DA056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4038266451-457648012-2459450891-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4038266451-457648012-2459450891-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\lyndee1\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\lyndee1\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\myfreezetoolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: lyndee1
->Temp folder emptied: 220610794 bytes
->Temporary Internet Files folder emptied: 43533386 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 1710 bytes

User: NetworkService
->Temp folder emptied: 736788 bytes
->Temporary Internet Files folder emptied: 3713233 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7786571 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 297175106 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 710696 bytes

Total Files Cleaned = 548.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01292013_065422

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBBEE.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBBFA.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC53.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC5F.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC8C.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC98.tmp not found!
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\W0ICKVDS\si[1].htm moved successfully.
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\OCCQEVF6\326700-acer-aspire-runs-very-slow[1].htm moved successfully.
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\6BWFDYFG\si[1].htm moved successfully.
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\TMP000000016FE61577A70ECBB4 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35\ deleted successfully.
C:\WINDOWS\system32\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C26CD490-5F01-41E3-B150-EB29F19DA056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C26CD490-5F01-41E3-B150-EB29F19DA056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4038266451-457648012-2459450891-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4038266451-457648012-2459450891-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\lyndee1\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\lyndee1\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\myfreezetoolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: lyndee1
->Temp folder emptied: 220610794 bytes
->Temporary Internet Files folder emptied: 43533386 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 1710 bytes

User: NetworkService
->Temp folder emptied: 736788 bytes
->Temporary Internet Files folder emptied: 3713233 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7786571 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 297175106 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 710696 bytes

Total Files Cleaned = 548.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01292013_065422

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBBEE.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBBFA.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC53.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC5F.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC8C.tmp not found!
File\Folder C:\Documents and Settings\lyndee1\Local Settings\Temp\~DFBC98.tmp not found!
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\W0ICKVDS\si[1].htm moved successfully.
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\OCCQEVF6\326700-acer-aspire-runs-very-slow[1].htm moved successfully.
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\Content.IE5\6BWFDYFG\si[1].htm moved successfully.
C:\Documents and Settings\lyndee1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\TMP000000016FE61577A70ECBB4 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MBAM found 6 files hijacked and removed them

I would like to use Adobe as wife uses Facebook a lot and a lot of videos use the Adobe Flashplayer.

Cheers
Pete

Edited by ocsum, 28 January 2013 - 03:39 PM.


#10
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

My computer seems to be running a bit faster, though I wonder if it's the RAM size (448MB)

Good and aye the machine would benefit from some upgraded memory modules...

If you wish to check if the installed memory can be upgraded, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run, and which will advise if the system can support any upgraded memory modules. Not sure if they cater for Australia to be honest, but at least you will get a rough idea what to purchase, if an upgrade is possible, from an IT store in your area for example.

I thought to try and remove Java and Adobe to see if it would make a difference......it didn't

Fair play, I still advise against re-installing Java, but if you do want it back merely inform myself and, as mentioned prior, we will re-install Adobe Reader in due course.

wife uses Facebook a lot and a lot of videos use the Adobe Flashplayer

Did you uninstall Adobe Flashplayer also? If so, merely inform myself and we can re-install that also in due course.

MBAM found 6 files hijacked and removed them

I would like to review this log please.

Check Hard Disk For Errors:

Click on Start >> Run.. >> then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

#11
ocsum


    Member

  • Topic Starter
  • Member
  • 31 posts
Hi Dakeyras,
The computer is a lot faster now and wife a lot happier.

Did you uninstall Adobe Flashplayer also? If so, merely inform myself and we can re-install that also in due course.

I will need to install Adobe Flash Player and Adobe Reader. Java doesn't worry me at all as I didn't see the benefit before so I won't bother now.

The hard disk log.

The type of the file system is NTFS.
Volume label is ACER.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

75762539 KB total disk space.
18021096 KB in 80065 files.
28236 KB in 9340 indexes.
0 KB in bad sectors.
179895 KB in use by the system.
65536 KB occupied by the log file.
57533312 KB available on disk.

4096 bytes in each allocation unit.
18940634 total allocation units on disk.
14383328 allocation units available on disk.


MBAM found 6 files hijacked and removed them

I would like to review this log please.


Sorry I couldn't find the log that MBAM done with the hijacked files.
What happens now with all the logs and anti malware programs on the desktop?

Cheers
Pete
  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

the computer is a lot faster now and wife a lot happier.

Good.

I will need to install Adobe Flash Player and Adobe Reader

We will address that after completion of the below etc.

Sorry I couldn't find the log that MBAM done with the hijacked files.

Fair play.

What happens now with all the logs and anti malware programs on the desktop?

I will provide specific instructions when I give the all clear.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in cmd and click on OK.
  • At the Command Prompt C:\ > type the following:
  • cd c:\ and hit the Enter/Return key.
  • Now type in defrag c: -f
  • An analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in chkdsk c: /r and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in exit and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#13
ocsum

ocsum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Dakeyras,

Came home from work and turned computer on to check this thread, computer was slow, even slower than before because it took several attempts in turning the power off then back on again to get around the freezing. Windows seemed to have started ok each time but when I'd go to click on a short cut on desktop (Google) it would freeze for 5-10 minutes without doing anything.
What I noticed if it makes any difference, last night after running the MBAM program the computer was a lot quicker and in the task bar/tray down the bottom I had an icon that when you hover the cursor over it it says "Safely Remove Hardware". It looks to be a green arrow above a hard drive I think, if that makes sense. Well started computer up this arvo and the icon was back in the task tray and we're back to running slow again.....
Sorry for the complaint I thought I was seeing the light at the end of the tunnel.
Also I ran the CHKDSK doing the Graphical mode and noticed the icons in the task tray (all 4 of them - MBAM, Microsoft Security Essentials, volume and Safely Remove Hardware) swapped around...... Do you think this is odd?

Anyway here's the log for ESET online scanner

C:\Documents and Settings\lyndee1\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe multiple threats
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1589\A0215203.dll a variant of Win32/Toolbar.CrossRider.A application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1589\A0215207.exe Win32/Toolbar.CrossRider.B application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1591\A0215543.exe a variant of Win32/CNETInstaller.A application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1591\A0215544.exe a variant of Win32/InstallBrain.O application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0216712.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0216714.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0216715.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0216716.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0216733.exe a variant of Win32/Adware.RK application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0217712.dll a variant of Win32/Adware.RK.AM application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1607\A0217713.exe a variant of Win32/Adware.RK.AE application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1611\A0217790.exe a variant of Win32/InstallCore.W application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219656.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219657.exe Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219658.exe Win32/OpenCandy application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219660.exe Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219661.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219662.exe Win32/OpenCandy application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219682.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219684.dll a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219686.dll a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0219704.exe a variant of Win32/InstallCore.W application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0220275.exe a variant of Win32/InstallBrain.O application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1644\A0230656.exe a variant of Win32/Speedchecker.A application
C:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1644\A0230667.msi multiple threats
C:\WECPSetup.exe a variant of Win32/InstallCore.W application
D:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0221041.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\System Volume Information\_restore{1A2FE54D-9D26-4B44-ADCA-479EBEE5A642}\RP1621\A0221042.exe Win32/OpenCandy application


What gets me worried is two of the 27 infections are in my D:\

Thank you Dakeyras for your patience.

Cheers
Pete
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thank you Dakeyras for your patience.

You're welcome.

Sorry for the complaint I thought I was seeing the light at the end of the tunnel.

Not a problem I assure you.

Came home from work and turned computer on to check this thread, computer was slow, even slower than before because it took several attempts in turning the power off then back on again to get around the freezing. Windows seemed to have started ok each time but when I'd go to click on a short cut on desktop (Google) it would freeze for 5-10 minutes without doing anything.

OK running through the Hard-Drive Maintenance/Repair again will probably make some difference as a first run is at times not enough.

Also I ran the CHKDSK doing the Graphical mode and noticed the icons in the task tray (all 4 of them - MBAM, Microsoft Security Essentials, volume and Safely Remove Hardware) swapped around...... Do you think this is odd?

No it is not really and or a cause for concern, basically when a machine is booted up whatever loads first etc will show up in the system tray before something else from time to time.

What gets me worried is two of the 27 infections are in my D:\

They are merely infected system restore points and we will create a new clean one/flush those when I give the all clear. As for the rest of the detections they are merely false positives and no further action is required...

Scan with SCC:

Please download Shortcut Cleaner to the desktop.

Double click on sc-cleaner.exe >> follow the prompts and post the contents of sc-cleaner.txt in your next reply.

StartUpLite:

Please download this small application from here.

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Then perform the Hard-Drive Maintenance/Repair procedure again. When completed the above post back to let myself know. Also include the requested Shortcut Cleaner log, how the machine is performing now and we will then go from there thank you.
  • 0
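
The reply above separates detections that sit inside System Restore snapshots from those at ordinary file paths; that split can be read straight off an ESET log. The following is an added example, not part of the original thread: the sample lines are constructed, the function names are hypothetical, and it assumes a trailing "application" is ESET's label for a potentially unwanted or potentially unsafe application.

```python
import re
from collections import Counter

# Constructed sample in the "<path> <detection>" layout of the ESET log above.
# The restore-point GUID and all file names are placeholders, not from the thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\user1\Application Data\ExampleShare\setup-1.0.exe multiple threats
C:\Program Files\ExampleConverter\Converter.exe a variant of Win32/InstallCore.A application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe a variant of Win32/Adware.RK.AE application
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000003.exe Win32/OpenCandy application
this line is not a detection
"""

# Paths contain spaces, so anchor on the detection text at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<det>multiple threats|(?:a variant of )?\S+/\S+(?: application)?)$"
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)


def parse_line(line):
    """Return a finding dict for one log line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, det = m.group("path"), m.group("det")
    return {
        "drive": path[0].upper(),
        "path": path,
        "detection": det,
        # Assumption: a trailing "application" is ESET's label for a
        # potentially unwanted or potentially unsafe application.
        "labelled_application": det.endswith(" application"),
        "in_restore_point": bool(RESTORE_RE.match(path)),
    }


def triage(log_text):
    """Parse every line, dropping anything that is not a detection."""
    return [f for f in map(parse_line, log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per (drive, 'restore' or 'live') bucket."""
    return Counter(
        (f["drive"], "restore" if f["in_restore_point"] else "live") for f in findings
    )


def live_findings(findings):
    """Detections outside System Restore snapshots, i.e. files at normal paths."""
    return [f for f in findings if not f["in_restore_point"]]
```

Calling `summarize(triage(text))` on a saved log.txt gives the per-drive split, and `live_findings` lists the entries that are not restore-point copies.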

#15
ocsum

ocsum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Dakeyras,
I ran the SC-Cleaner, here's the log

Shortcut Cleaner 1.0.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
Program started at: 01/31/2013 05:18:25 AM.


Searching C:\Documents and Settings\lyndee1\Start Menu\

Searching C:\Documents and Settings\All Users\Start Menu\

Searching C:\Documents and Settings\lyndee1\Application Data\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Documents and Settings\All Users\Desktop\

Searching C:\Documents and Settings\lyndee1\Desktop\

0 bad shortcuts found.

Program finished at: 01/31/2013 05:18:29 AM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)


Unfortunately the TFC.exe program didn't work at all.
It downloaded ok, but when I run the program it opens, click START and nothing happens, I get
"Getting user folders"
"Stopping running processes"
The cursor becomes an hourglass and the computer freezes, nothing happens even after 20 mins. The only way to use the computer is to turn it off and restart as TFC locks the computer up.
I even tried to do a CHKDSK and rerun the TFC.exe but that didn't make any difference.

Cheers
Pete

Edited by ocsum, 31 January 2013 - 05:18 AM.

  • 0





