Here is the OTL Fix log:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\58795:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\58795:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\58795:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\58795:UDP deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_192626
OTL.txt log:
OTL logfile created on: 2/26/2013 7:34:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.98 Mb Total Physical Memory | 621.71 Mb Available Physical Memory | 60.83% Memory free
2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 129.45 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Computer Name: JESS-DELL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINXP\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
========== Modules (No Company Name) ========== MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
========== Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
========== Driver Services (SafeList) ========== DRV - (XDva391) -- C:\WINXP\system32\XDva391.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINXP\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINXP\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINXP\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HssDrv) -- C:\WINXP\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINXP\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (avipbb) -- C:\WINXP\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINXP\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\WINXP\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avkmgr) -- C:\WINXP\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (b57w2k) -- C:\WINXP\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\WINXP\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINXP\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (VIAudio) -- C:\WINXP\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...ferrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 CF 7C A0 21 FF CD 01 [binary data]
IE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...Box&Form=IE8SRCIE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
http://www.google.comCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: IE Tab = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\4.2.22.2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINXP\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1078081533-1767777339-1417001333-500..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1767777339-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66}
http://avatar.mabino....2010.05.24.cab (MabinogiWebAvatarRenderer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6796D18-389A-480F-BEDF-104A5D19952E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/26 09:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2013/02/25 16:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/02/25 15:01:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/25 14:42:47 | 000,000,000 | ---D | C] -- C:\WINXP\System32\appmgmt
[2013/02/17 14:17:36 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/02/17 14:07:39 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2013/02/17 14:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/02/17 14:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/16 16:45:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/16 16:00:05 | 000,000,000 | ---D | C] -- C:\WINXP\SxsCaPendDel
[2013/02/09 00:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mumble
[2013/02/08 21:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mumble
[2013/02/08 21:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
[2013/02/08 21:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2013/02/06 17:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/02/06 17:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/06 17:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/06 17:41:07 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2013/02/06 17:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/02 01:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/02/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/02 01:15:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/02/26 19:32:27 | 000,432,784 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2013/02/26 19:32:27 | 000,067,740 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2013/02/26 19:28:02 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2013/02/26 19:27:39 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2013/02/26 18:52:00 | 000,001,010 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1767777339-1417001333-500UA.job
[2013/02/25 21:52:00 | 000,000,958 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1767777339-1417001333-500Core.job
[2013/02/25 14:29:43 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/21 17:59:39 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/21 17:59:38 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2013/02/17 14:20:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2013/02/17 14:18:57 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2013/02/17 14:03:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2013/02/17 14:03:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2013/02/16 16:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/16 16:18:20 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Talk.lnk
[2013/02/13 16:49:39 | 000,190,592 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2013/02/13 16:45:23 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2013/02/08 21:54:50 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
[2013/02/08 21:49:17 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2013/02/06 17:41:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/06 07:03:16 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ Mabinogi .lnk
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/02/17 14:20:31 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2013/02/17 14:03:54 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2013/02/17 14:03:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2013/02/16 16:18:20 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Talk.lnk
[2013/02/08 21:54:50 | 000,002,378 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MumbleAutomaticCertificateBackup.p12
[2013/02/08 21:49:17 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2013/02/06 17:41:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/02 01:15:46 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/01 16:38:33 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 23:44:28 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2012/02/12 17:20:47 | 000,038,956 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011/11/13 01:05:38 | 000,000,262 | ---- | C] () -- C:\WINXP\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/03 23:11:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\ColorSet.ini
[2011/07/08 18:32:27 | 000,003,120 | ---- | C] () -- C:\WINXP\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2011/06/17 18:32:02 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2011/05/26 09:23:56 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\e100bmsg.dll
[2011/05/26 09:18:03 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/05/26 09:12:28 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/05/26 05:00:46 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/05/26 04:59:38 | 000,190,592 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
========== ZeroAccess Check ========== [2011/08/14 02:23:32 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINXP\system32\wbem\fastprox.dll -- [2010/09/16 11:11:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINXP\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
The FSS.txt log:
Farbar Service Scanner Version: 20-02-2013
Ran by Administrator (administrator) on 26-02-2013 at 19:48:14
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINXP\system32\dhcpcsvc.dll => MD5 is legit
C:\WINXP\system32\Drivers\afd.sys => MD5 is legit
C:\WINXP\system32\Drivers\netbt.sys => MD5 is legit
C:\WINXP\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINXP\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINXP\system32\dnsrslvr.dll => MD5 is legit
C:\WINXP\system32\ipnathlp.dll => MD5 is legit
C:\WINXP\system32\netman.dll => MD5 is legit
C:\WINXP\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINXP\system32\srsvc.dll => MD5 is legit
C:\WINXP\system32\Drivers\sr.sys => MD5 is legit
C:\WINXP\system32\wscsvc.dll => MD5 is legit
C:\WINXP\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINXP\system32\wuauserv.dll
[2011-05-26 09:13] - [2008-04-14 07:00] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
C:\WINXP\system32\qmgr.dll => MD5 is legit
C:\WINXP\system32\es.dll => MD5 is legit
C:\WINXP\system32\cryptsvc.dll => MD5 is legit
C:\WINXP\system32\svchost.exe => MD5 is legit
C:\WINXP\system32\rpcss.dll => MD5 is legit
C:\WINXP\system32\services.exe
[2010-09-16 11:11] - [2010-09-16 11:11] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6
Extra List:
=======
Gpc(3) HssDrv(8) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.
**** End of log ****
________
Lastly, I would like to stop the mentioned items from running at startup.