
Hacked by pokemon [Closed]


  • This topic is locked This topic is locked

#1
YellowRubberDuck
Member, 109 posts

Hi.

My IE browser's bar has this "Hacked by pokemon". The browser has stopped me from accessing this forum, because when I typed in the forum's address, it said "IE cannot open the Internet site http://www.geekstogo.com/forum. Operation aborted." I had to install Firefox to open this site to post this. My OTL scan result is below:

OTL logfile created on: 8/17/2013 8:01:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.36 Mb Total Physical Memory | 31.31 Mb Available Physical Memory | 14.02% Memory free
544.55 Mb Paging File | 231.63 Mb Available in Paging File | 42.54% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 132.76 Gb Free Space | 93.45% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.32 Gb Free Space | 19.01% Space Free | Partition Type: FAT32

Computer Name: YOUR-808953D619 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2013/08/15 01:55:20 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/01/12 19:07:49 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2004/10/19 16:54:40 | 000,430,080 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
PRC - [2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 01:55:37 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/01/12 19:07:46 | 000,151,589 | ---- | M] () -- C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwfiles.dll
MOD - [2006/01/12 19:07:46 | 000,098,339 | ---- | M] () -- C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\FrExt.dll
MOD - [2006/01/12 19:07:46 | 000,061,496 | ---- | M] () -- C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\clntutil.dll
MOD - [2006/01/12 19:07:44 | 000,126,976 | ---- | M] () -- C:\Program Files\Updates from HP\9972322\Program\HPClientExt.dll
MOD - [2005/03/15 15:17:28 | 000,204,800 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2004/10/19 16:54:40 | 000,430,080 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
MOD - [2004/10/06 19:18:00 | 000,040,960 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.dll
MOD - [2004/09/03 16:11:00 | 000,200,704 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\dot1x_dll.dll
MOD - [2004/03/05 15:00:00 | 000,827,392 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\libeay32.dll
MOD - [2004/03/05 15:00:00 | 000,155,648 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/15 01:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009/05/12 09:17:46 | 000,098,432 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\telitusbser.sys -- (telitusbser)
DRV - [2008/06/20 17:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005/10/18 21:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/09/23 21:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/14 06:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/04 08:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/03/04 19:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/06 18:49:04 | 000,248,320 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)
DRV - [2004/08/04 05:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.my/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/17 18:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2013/08/17 17:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 17:16:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2004/08/04 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MS32DLL] C:\WINDOWS\Bha.dll.vbs ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7273E436-DB66-4460-B05A-9B270F6C0824}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ED70459-ED01-4548-8984-04AA68384D9C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/12 19:04:36 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/08/17 20:00:48 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2013/08/17 20:00:50 | 000,000,096 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\Auto\command - "" = K:\RavMonE.exe e
O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 19:58:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2013/08/17 19:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Downloads
[2013/08/17 18:36:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/17 18:35:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013/08/17 18:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/08/17 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2013/08/17 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
[2013/08/17 17:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/17 17:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/08/17 17:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/17 17:01:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2013/08/17 16:57:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/17 20:04:08 | 000,003,848 | RHS- | M] () -- C:\WINDOWS\Bha.dll.vbs
[2013/08/17 20:04:08 | 000,003,848 | RHS- | M] () -- C:\Bha.dll.vbs
[2013/08/17 20:04:08 | 000,000,096 | RHS- | M] () -- C:\autorun.inf
[2013/08/17 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2013/08/17 19:01:24 | 000,384,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/17 19:01:24 | 000,054,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/17 18:58:33 | 000,000,182 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/08/17 18:57:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/17 18:56:58 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/17 18:56:57 | 234,278,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/17 18:53:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/17 17:16:24 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/17 17:16:16 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/08/17 16:40:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/17 17:16:23 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/17 17:16:16 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/17 17:16:16 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/20 21:23:32 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/07 21:03:52 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/01/12 18:16:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 13:42:48 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 18:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/01/13 10:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/11/17 23:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/12/10 07:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 8/17/2013 8:01:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.36 Mb Total Physical Memory | 31.31 Mb Available Physical Memory | 14.02% Memory free
544.55 Mb Paging File | 231.63 Mb Available in Paging File | 42.54% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 132.76 Gb Free Space | 93.45% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.32 Gb Free Space | 19.01% Space Free | Partition Type: FAT32

Computer Name: YOUR-808953D619 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43A44FC2-FC81-444F-B847-D93F535B7208}" = Neighbours From [bleep] 2
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{581CE7EA-A30D-0000-1211-088635773309}" = 802.11b+g USB Wireless LAN Adapter
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6900E3D5-7695-463E-98D7-2C940ED8214F}" = Sinbad - Legend Of The Seven Seas ™
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110002467}" = Inspector-Parker
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110074983}" = BeTrapped!
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110075733}" = Chainz
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110099903}" = Magic Inlay
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11015843}" = Ricochet Lost Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110166840}" = Ballistik
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110176513}" = Feeding Frenzy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}" = Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110250590}" = A Series of Unfortunate Events
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}" = Shape Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110268640}" = Links® Course Challenge – Chateau Whistler
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11028247}" = Cubis Gold 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110294723}" = Mah Jong Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}" = Jigsaw 365
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110325350}" = Mah Jong Medley
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110371640}" = Poker Superstars
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110375480}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110379827}" = Wonderland - Secret Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11042853}" = Tumblebugs
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo UWF
"{BCFC7B72-14C5-4FA2-B927-7DF64834882B}" = Mobile Connect
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"ATI Display Driver" = ATI Display Driver
"Dynomite Deluxe 2.71" = Dynomite Deluxe 2.71
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo: Nemo's Underwater World of Fun
"ITE_Autorun_173" = Evil Mirror
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Shockwave" = Shockwave
"Star Wars Early Learning Activity Center" = Star Wars Early Learning Activity Center
"Tarzan Action Game" = Tarzan Action Game
"TipTop Deluxe 1.1" = TipTop Deluxe 1.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2007 7:15:37 PM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2008 3:57:45 AM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 7:40:13 AM | Computer Name = YOUR-808953D619 | Source = Application Error | ID = 1000
Description = Faulting application activity center.exe, version 0.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x00000007.

Error - 2/27/2010 7:55:38 AM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application SheepD3D.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 9:22:59 AM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 9:22:59 AM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 12:08:08 PM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 12:08:47 PM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 12:08:51 PM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 12:09:00 PM | Computer Name = YOUR-808953D619 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/17/2010 12:05:21 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/17/2010 12:05:21 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/17/2010 12:05:21 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/17/2010 12:05:21 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/17/2010 12:06:57 PM | Computer Name = YOUR-808953D619 | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 11/17/2010 12:06:57 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/17/2010 12:06:57 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/17/2010 12:06:57 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/17/2010 12:06:57 PM | Computer Name = YOUR-808953D619 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/17/2013 4:41:33 AM | Computer Name = YOUR-808953D619 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
#2
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hello YellowRubberDuck and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
Also please note before we begin:
Please be aware that removing Malware can be a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot 100% guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before we start.

Hi - I always thought that Pokemon was one of the good guys!

It looks like you might have caught this from a removable drive; I will guide you to a utility that protects your removable drives and your computer from infected removable drives.

I see bigger issues, as you are running XP service pack 2. XP support ends very soon, and it will be very vulnerable. I urge you to consider moving to a supported operating system such as Vista or 7. For now I recommend that you update XP to SP3 as soon as we do some cleaning up. Also, your IE is painfully old and insecure, but you won't be able to update that until you move to Service Pack 3.

Let's remove some bad stuff and continue on:

Step 1

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    O4 - HKLM..\Run: [MS32DLL] C:\WINDOWS\Bha.dll.vbs ()
    O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
    O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell - "" = AutoRun
    O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell - "" = AutoRun
    O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\Auto\command - "" = K:\RavMonE.exe e
    O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
    [2013/08/17 20:04:08 | 000,003,848 | RHS- | M] () -- C:\WINDOWS\Bha.dll.vbs
    [2013/08/17 20:04:08 | 000,003,848 | RHS- | M] () -- C:\Bha.dll.vbs
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Scan

A log will be produced at C:\ADWCleaner[XX].txt; please attach that in your next post.

Step 4
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • OTL fix log (should pop up after the computer reboots when you run the OTL fix)
  • Roguekiller log files
  • ADWCleaner log file
  • checkup.txt

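As an added illustration of what the OTL fix above targets (example code, not OTL's, Crowbar's or this thread's own): a small triage script that parses the O4 (Run key / Startup folder), O33 (MountPoints2 autorun) and file-listing line formats of an OTL log and flags the removable-drive autorun commands, the script launched from the Run key, and the hidden+system double-extension files. The sample lines are copied from the fix; the hpsysdrv entry is a constructed benign control.

```python
"""Triage OTL log lines for the autorun persistence removed in the fix above.

Added example; not code from OTL or from this thread.  Parses the O4, O33 and
file-listing line formats and flags removable-drive autorun commands, scripts in
autostart locations, and hidden+system files with a masking double extension.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".pif", ".scr"}
MASK_EXTS = {".dll", ".exe", ".jpg", ".txt", ".doc", ".pdf"}  # fake "first" extension

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<path>.*?) \((?P<company>[^)]*)\)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\(?P<subkey>\S+) - "" = (?P<value>.*)$')
FILE_RE = re.compile(r"^\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Lines copied from the OTL fix in the thread, plus one constructed benign
# HP entry (hpsysdrv) as a control that must NOT be flagged.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)",
    r"O4 - HKLM..\Run: [MS32DLL] C:\WINDOWS\Bha.dll.vbs ()",
    r"O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)",
    r'O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell\AutoRun - "" = Auto&Play',
    r'O33 - MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\Shell\AutoRun\command - "" = J:\AutoRun.exe',
    r'O33 - MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a',
    r'O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\Auto\command - "" = K:\RavMonE.exe e',
    r'O33 - MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e',
    r"[2013/08/17 20:04:08 | 000,003,848 | RHS- | M] () -- C:\WINDOWS\Bha.dll.vbs",
    r"[2013/08/17 20:04:08 | 000,003,848 | RHS- | M] () -- C:\Bha.dll.vbs",
]


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    line: str


def _ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""


def has_double_extension(path: str) -> bool:
    """True for names like Bha.dll.vbs: a masking extension in front of a script extension."""
    parts = path.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and "." + parts[-2] in MASK_EXTS and "." + parts[-1] in SCRIPT_EXTS


def _reasons_o4(m) -> List[Tuple[str, str]]:
    path, company = m["path"], m["company"].strip()
    out = []
    if _ext(path) in SCRIPT_EXTS:
        out.append(("high", f"script launched from autostart location {m['loc']}"))
    elif not company:
        out.append(("medium", f"autostart entry in {m['loc']} with no company name"))
    if has_double_extension(path):
        out.append(("high", "double extension disguises the script"))
    return out


def _reasons_o33(m) -> List[Tuple[str, str]]:
    # Only the ...\command values launch anything; Shell and Shell\AutoRun are menu labels.
    out = []
    if m["subkey"].lower().endswith("\\command"):
        out.append(("high", f"autorun command recorded for device {m['guid']}: {m['value']}"))
        if "shellexec_rundll" in m["value"].lower():
            out.append(("high", "indirect launch via RunDLL32 ShellExec_RunDLL"))
    return out


def _reasons_file(m) -> List[Tuple[str, str]]:
    attrs, path = m["attrs"], m["path"]
    out = []
    if "H" in attrs and "S" in attrs and (_ext(path) in SCRIPT_EXTS or has_double_extension(path)):
        out.append(("high", f"hidden+system script at {path} (attrs {attrs})"))
    return out


def triage(lines) -> List[Finding]:
    """Return one Finding per suspicious line; unparsed or benign lines are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        for pattern, checker in ((O4_RE, _reasons_o4), (O33_RE, _reasons_o33), (FILE_RE, _reasons_file)):
            m = pattern.match(line)
            if m:
                reasons = checker(m)
                break
        if reasons:
            severity = "high" if any(s == "high" for s, _ in reasons) else "medium"
            findings.append(Finding(severity, "; ".join(r for _, r in reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```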

#3
YellowRubberDuck (Member, Topic Starter, 109 posts)
Hi. Believe me, this pokemon is bad.

1) While I was doing the steps above, Windows Update prompted me to update to SP3, so I did.
2) Now, I'm getting this message pop-up: "Windows - No Disk Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c". Whichever button I click, it pops back up. I just clicked until it stopped, but later it popped up again. What's happening?

The reports:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MS32DLL deleted successfully.
File move failed. C:\WINDOWS\Bha.dll.vbs scheduled to be moved on reboot.
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b0cf0a-33fd-11df-bfae-0016ec38a9ef}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad005bf2-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
File K:\RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad005bf3-83a7-11dc-bf9c-0016ec38a9ef}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e not found.
File move failed. C:\WINDOWS\Bha.dll.vbs scheduled to be moved on reboot.
C:\Bha.dll.vbs moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 30157 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: HP_Owner
->Temp folder emptied: 162834480 bytes
->Temporary Internet Files folder emptied: 10498137 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23962803 bytes
->Flash cache emptied: 477 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103301 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30157 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08182013_112117

Files\Folders moved on Reboot...
C:\WINDOWS\Bha.dll.vbs moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Owner [Admin rights]
Mode : Scan -- Date : 08/18/2013 12:59:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160023AS +++++
--- User ---
[MBR] 878231dde8898d2467d776693ca654f6
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 7138 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14619150 | Size: 145479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08182013_125948.txt >>




# AdwCleaner v2.306 - Logfile created 08/18/2013 at 13:03:10
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - YOUR-808953D619
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y25b1z9w.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [999 octets] - [18/08/2013 13:03:10]

########## EOF - C:\AdwCleaner[R1].txt - [1058 octets] ##########


Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hi -
I would have preferred that you waited until we cleaned up the malware on your system before you upgraded to SP3.
Let's hold off on installing anything new until your system looks better.

The error message you are receiving now is telling you that you removed a USB drive without stopping it properly, and Windows is looking for it unsuccessfully.
A simple way to solve this is to plug in the usb device that was disconnected improperly and then remove it by clicking on the Safely Remove Hardware icon in the System Tray.
I don't think this is a good idea at this time, as it appears that one or more of your devices may have infected you with this pokemon malware. Let's try this method instead - look in the system tray and see if you have the Safely Remove Hardware icon. It should look like this:
Please click on the icon, and then click on any devices you may see in that list. It should tell you that it is ok to remove the device.
That should make the message go away; please let me know if it does not. I would really prefer that you do not plug in any USB devices at this time and risk a re-infection.

Are you really running this computer without an anti-virus program? This is what the Security Check program is showing. That is pretty risky - I would like you to not use this computer for web browsing for now until an AV is installed, so please answer if you have one installed or not.

Now to continue with the cleanup -
Step 1
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 2
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


In your next reply I would like to see:
  • ADWcleaner log
  • Combofix log
  • Please answer my questions about your anti-virus, and is the error message now gone?


#5
YellowRubberDuck (Member, Topic Starter, 109 posts)
# AdwCleaner v2.306 - Logfile created 08/20/2013 at 01:22:10
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - YOUR-808953D619
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y25b1z9w.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1127 octets] - [18/08/2013 13:03:10]
AdwCleaner[S1].txt - [1069 octets] - [20/08/2013 01:22:10]

########## EOF - C:\AdwCleaner[S1].txt - [1129 octets] ##########


1) Yes, there is no AV software installed in this computer.
2) The error still keeps popping up. There is no Safely Remove Software icon on the taskbar.
3) I left the ComboFix to run. It ran overnight but still at the Scanning process and there was an icon that said Low Virtual Memory. I closed the ComboFix.

How should I proceed now? Thanks.

#6
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hi again,

Just to be thorough - did you click on the little arrow in the system tray that shows more icons, when looking for the Safely Remove Hardware icon?

If you still can't see the icon, let's try a different route to rid you of that error message.

Step 1
We need to protect your flash drive with Panda USB Vaccine:

Download the Panda USB Vaccine here

Double click the program and install it.

Vaccinate your computer first, then insert all of your USB drives (thumb drives, cell phones, cameras, etc...) and vaccinate each of them.
Make sure to safely remove each one.
Please let me know if this prevents the error message from showing up, if not, I do have another trick or two up my sleeve :)

Step 2
I would love to see this computer protected by an anti-virus program.

For a new free Anti-Virus program I would recommend one of these 2 (did I mention that they are free?) but make sure to only install ONE anti-virus

I myself use Microsoft Security Essentials, as it's light on resources, and never expires, but Avast! is also an excellent product.

Step 3
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. It is also saved in the same location as OTL (desktop).
  • Post this log in your next response


#7
YellowRubberDuck (Member, Topic Starter, 109 posts)
Hi.

1) Yes, I've checked; that icon is not in the system tray. And this step didn't solve the problem. FYI, this problem started after I double-clicked the drive c:/ icon in the My Computer folder. I don't know whether this info is relevant, just hope it will help.

2) I chose Microsoft Essential. After installation, it updated the virus definitions and ran a quick scan. After restarting, the AV is off. I had to manually turn it on again, but the Windows security alerts still can't detect the AV.

3)

OTL logfile created on: 8/22/2013 12:54:22 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.36 Mb Total Physical Memory | 19.94 Mb Available Physical Memory | 8.93% Memory free
560.40 Mb Paging File | 60.70 Mb Available in Paging File | 10.83% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 129.28 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.32 Gb Free Space | 19.01% Space Free | Partition Type: FAT32

Computer Name: YOUR-808953D619 | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2013/08/15 01:55:20 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/07/18 16:49:24 | 000,995,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/19 16:54:40 | 000,430,080 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 01:55:37 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2005/03/15 15:17:28 | 000,204,800 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2004/10/19 16:54:40 | 000,430,080 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
MOD - [2004/10/06 19:18:00 | 000,040,960 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.dll
MOD - [2004/09/03 16:11:00 | 000,200,704 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\dot1x_dll.dll
MOD - [2004/03/05 15:00:00 | 000,827,392 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\libeay32.dll
MOD - [2004/03/05 15:00:00 | 000,155,648 | ---- | M] () -- C:\Program Files\WLAN\802.11b+g USB WLAN\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/15 01:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/02/11 20:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/12 09:17:46 | 000,098,432 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\telitusbser.sys -- (telitusbser)
DRV - [2005/10/18 21:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/09/23 21:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/14 06:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/04 08:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/03/04 19:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/06 18:49:04 | 000,248,320 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)
DRV - [2004/08/04 05:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.my/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/17 18:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2013/08/17 17:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 17:16:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2004/08/04 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7273E436-DB66-4460-B05A-9B270F6C0824}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ED70459-ED01-4548-8984-04AA68384D9C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/12 19:04:36 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/08/22 00:05:50 | 000,000,096 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2013/08/22 00:05:52 | 000,000,096 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/22 00:44:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\IETldCache
[2013/08/21 23:21:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/08/21 23:20:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/08/21 23:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/21 22:55:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/21 22:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2013/08/21 22:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2013/08/21 22:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013/08/21 22:23:36 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Documents and Settings\HP_Owner\Desktop\USBVaccineSetup.exe
[2013/08/20 08:32:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/20 01:29:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/20 01:29:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/20 01:29:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/20 01:29:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/20 01:29:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/20 01:28:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Administrative Tools
[2013/08/20 01:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/20 01:26:50 | 005,105,821 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2013/08/18 12:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\RK_Quarantine
[2013/08/18 11:50:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/08/18 11:36:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2013/08/18 11:36:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/08/18 11:36:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/08/18 11:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/08/18 11:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013/08/18 11:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2013/08/18 11:29:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/08/18 11:29:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2013/08/18 11:21:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/18 11:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/17 19:58:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2013/08/17 19:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Downloads
[2013/08/17 18:35:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013/08/17 18:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/08/17 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2013/08/17 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
[2013/08/17 17:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/17 17:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/08/17 17:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/17 17:01:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2013/08/17 16:57:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/22 00:59:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/22 00:54:19 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/08/22 00:52:45 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/08/22 00:45:02 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/22 00:44:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:44:01 | 234,278,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/22 00:44:01 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/22 00:05:50 | 000,000,096 | ---- | M] () -- C:\autorun.inf
[2013/08/21 23:18:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/08/21 22:57:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/21 22:25:25 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2013/08/21 22:23:41 | 000,848,856 | ---- | M] (Panda Security ) -- C:\Documents and Settings\HP_Owner\Desktop\USBVaccineSetup.exe
[2013/08/21 22:05:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/20 01:27:38 | 005,105,821 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2013/08/18 13:07:57 | 000,891,115 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2013/08/18 13:02:28 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\adwcleaner.exe
[2013/08/18 12:56:36 | 000,920,576 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\RogueKiller.exe
[2013/08/18 11:51:42 | 000,384,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/18 11:51:42 | 000,054,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/18 11:50:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/08/18 11:33:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/08/17 19:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2013/08/17 17:16:24 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/17 17:16:16 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/21 23:37:37 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/08/21 23:28:04 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/21 23:18:48 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/08/21 23:18:06 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/08/21 22:25:25 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2013/08/20 09:25:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/08/20 09:25:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/08/20 01:29:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/20 01:29:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/20 01:29:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/20 01:29:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/20 01:29:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/18 13:06:54 | 000,891,115 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2013/08/18 13:02:25 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\adwcleaner.exe
[2013/08/18 12:56:32 | 000,920,576 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\RogueKiller.exe
[2013/08/18 11:03:06 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/08/18 11:02:57 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013/08/18 11:02:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/08/17 17:16:23 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/17 17:16:16 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/17 17:16:16 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/20 21:23:32 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/07 21:03:52 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/01/12 18:16:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/17 00:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/01/13 10:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/11/17 23:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/12/10 07:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2013/08/21 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 21:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 08:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 08:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 00:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/14 08:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 08:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/14 08:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 08:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 08:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 14:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 12:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 08:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 08:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[2008/04/14 08:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 08:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2004/08/04 19:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 12:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004/08/04 12:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[2009/02/07 01:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/07 01:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2009/02/06 18:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 18:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 12:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2004/11/09 18:39:18 | 000,001,602 | ---- | M] () MD5=8E8DB0B6CE493FBD98C0B510ED8800D5 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 12:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 12:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 08:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/14 08:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DL_ >
[2004/08/04 12:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\WINDOWS\I386\WINSOCK.DL_

< MD5 for: WINSOCK.DLL >
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is HP_PAVILION
Volume Serial Number is 5B67-DC52

< End of report >


Another note:
- While OTL was running, the Virtual Memory Minimum Low icon pops up at the system tray.
- The computer is really slow now in terms of loading up software.

Edited by YellowRubberDuck, 21 August 2013 - 11:44 AM.

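The "< MD5 for: ... >" blocks in the OTL log above are the raw material for a check a responder does by hand: compare the hash of the copy Windows actually loads (C:\WINDOWS\system32\...) against the pristine copies Windows keeps in ServicePackFiles\i386, system32\dllcache and I386. The following is an added example, not OTL's own code: it parses that block format and reports, per file, whether the live copy matches a pristine copy, differs from all of them, or cannot be verified locally. The sample log is constructed from the services.exe, svchost.exe and winsock.dll lines posted above plus a hypothetical EXAMPLE.DLL whose live copy has been altered; the hashes for EXAMPLE.DLL are made up. Two caveats the code encodes as statuses: a hotfixed file such as services.exe (its only backup sits in an $NtUninstallKB...$ folder) has no pristine copy on disk and must be checked against vendor hash data instead, and a match only proves equality with the local backup, which an intruder with admin rights could also have replaced.

```python
import re
from collections import defaultdict

# One OTL "MD5 for" entry line, e.g.
# [2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6... -- C:\WINDOWS\system32\svchost.exe
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*)$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

# Folders holding Windows' own pristine copies of a file. Checked before the
# "live" test because dllcache itself lives under system32.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\", "\\i386\\")
# Uninstall backups and update downloads: neither the running copy nor a pristine one.
IGNORED_DIRS = ("$ntuninstall", "$ntservicepackuninstall$", "\\softwaredistribution\\")


def classify_path(path):
    """Label an entry 'reference', 'ignored' or 'live' (the copy Windows actually loads)."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in IGNORED_DIRS):
        return "ignored"
    if "\\system32\\" in p:
        return "live"
    return "ignored"  # shortcuts, user profiles and the like are out of scope


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} from the '< MD5 for: NAME >' blocks of an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            e = entry.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            e["kind"] = classify_path(e["path"])
            sections[current].append(e)
    return dict(sections)


def audit(text):
    """For every file that has a live copy, compare its MD5 with the pristine copies.

    ok          live hash equals a ServicePackFiles / dllcache / I386 copy
    mismatch    live hash differs from every pristine copy: examine the live file
    unverified  no pristine copy in the log (e.g. a hotfixed file): check against vendor data
    """
    report = {}
    for name, entries in parse_md5_sections(text).items():
        refs = sorted({e["md5"] for e in entries if e["kind"] == "reference"})
        for e in (x for x in entries if x["kind"] == "live"):
            if not refs:
                status = "unverified"
            elif e["md5"] in refs:
                status = "ok"
            else:
                status = "mismatch"
            report[name] = {"status": status, "path": e["path"], "live_md5": e["md5"],
                            "reference_md5s": refs, "company": e["company"]}
    return report


# Constructed sample: the first three blocks are copied from the log in this thread,
# EXAMPLE.DLL and its hashes are invented to show a tampered live copy.
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE >
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 12:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< MD5 for: EXAMPLE.DLL >
[2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\dllcache\example.dll
[2013/08/10 01:02:03 | 000,004,096 | ---- | M] () MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\example.dll
"""

if __name__ == "__main__":
    for name, r in sorted(audit(SAMPLE_LOG).items()):
        print(f"{r['status']:<10} {name:<14} {r['live_md5']}  ({r['company'] or 'no company'})")
```

Running it on the sample prints ok for svchost.exe and winsock.dll, unverified for services.exe, and mismatch for the constructed EXAMPLE.DLL, whose live copy is also larger, newer and carries no company name, all of which are worth a second look on a real log.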

#8
YellowRubberDuck (Member, Topic Starter, 109 posts)
Hi.

I just switched on my computer and the Microsoft Essential icon is not in the system tray. Same goes for USB Vaccine. When the computer loads, it says USB Vaccine fails to load. And the computer now is super super slow. It took me half an hour to get Firefox to load, and another half an hour to type this out. It keeps on crashing. What's happening?

#9
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hi -
I would like to point out that XP is approaching its end of life. Microsoft won't issue any more security or other updates after sometime in April 2014. Security-wise, it would be pretty risky to use XP after that time. There is an interesting article here

While OTL was running, the Virtual Memory Minimum Low icon pops up at the system tray.

This computer has very little ram to begin with -

223.36 Mb Total Physical Memory | 31.31 Mb Available Physical Memory | 14.02% Memory free

You are not going to get very much performance out of this machine with this small amount of ram installed. I would usually suggest that you upgrade it to the maximum amount of ram it is capable of using, but since XP is at the end of its life, I don't think you are going to get very much performance out of this machine.

I suspect that the premature install of Service Pack 3 may be causing you more problems at the moment, because it was installed before your computer was completely cleaned. I did ask you not to install any programs while we were removing the infections.

Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.


Has this computer had Norton Anti Virus installed in the past? I see a couple of traces of it, so I would like you to run the removal program for NAV, to make sure there will be no conflicts.


Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Please download the Norton Removal Tool from here
to your desktop.
Next uninstall Norton Anti Virus via your Control Panel. (you probably won't see it in this list)
After it is uninstalled, run the Norton Removal Tool.

Step 3
Let's remove the service pack for the time being, and re-install it later when I am sure that there are no infections on your computer.

  • Click Start, and then click Run.
  • Copy and then paste the following command in the Open box, and then press ENTER:
    appwiz.cpl
  • Click to select the Show Updates check box.
  • Click Windows XP Service Pack 3, and then click Remove.
  • Click Finish to restart the computer after the removal process is complete.

Step 4
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps, or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Please download the following registry file from here and save it on your desktop

Right click on the file (Wmi.reg) and select Merge
Restart your computer.

Step 5
You already have Security Check on your computer - please re-run it and post the checkup.txt file it generates.

In your next reply I would like to see:
  • OTL fix log
  • Checkup.txt file from running Security Check
  • Is there a difference after running the Norton Removal Utility
  • After taking these steps, is the computer running any better? Also is the hacked by pokemon message now gone?

I will be working late tonight, but will be on the lookout for your reply.
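The three O3 lines in the OTL fix above are toolbar entries under HKCU\Software\Microsoft\Internet Explorer\Toolbar whose value name is a CLSID that has no matching registration; OTL reports that as "No CLSID value found", and the fix log later confirms it ("Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{...} not found"). The following is an added example, not OTL's code, of the same cross-check: list the value names under the WebBrowser and ShellBrowser keys, and flag every GUID-shaped name for which no CLSID key exists. The core function takes the registry contents as plain data so it can be tested offline; the `read_live_registry` helper feeds it real data on Windows via the standard `winreg` module and looks under HKEY_CLASSES_ROOT, which merges the HKLM and HKCU Classes hives, so a per-user registration also counts as present. The sample snapshot reuses the three GUIDs from this thread and adds a made-up registered CLSID, {11111111-2222-3333-4444-555555555555}, plus a non-GUID value, to show what is and is not reported. An orphaned entry is a leftover reference, not by itself proof of malware; it is removed because the toolbar cannot load it and it should not be there.

```python
import re

try:
    import winreg  # Windows only; find_orphans itself is platform-neutral
except ImportError:
    winreg = None

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# The two per-user keys OTL reports as O3 ShellBrowser / WebBrowser entries.
TOOLBAR_KEYS = (
    r"Software\Microsoft\Internet Explorer\Toolbar\WebBrowser",
    r"Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser",
)


def find_orphans(toolbar_values, clsid_exists):
    """Return [(subkey, GUID)] for every GUID-named toolbar value with no CLSID registration.

    toolbar_values: {subkey path: [value name, ...]} as read from HKCU
    clsid_exists:   callable(guid) -> bool, true if CLSID\{guid} is registered
    """
    orphans = []
    for subkey, names in toolbar_values.items():
        for name in names:
            if GUID_RE.match(name) and not clsid_exists(name):
                orphans.append((subkey, name.upper()))
    return orphans


def read_live_registry():
    """Windows only: collect the HKCU toolbar value names and a CLSID lookup via winreg."""
    if winreg is None:
        raise RuntimeError("winreg is unavailable; this helper only runs on Windows")
    snapshot = {}
    for subkey in TOOLBAR_KEYS:
        names = []
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
                index = 0
                while True:
                    try:
                        names.append(winreg.EnumValue(key, index)[0])
                        index += 1
                    except OSError:  # no more values
                        break
        except OSError:  # key absent: nothing registered under it
            pass
        snapshot[subkey] = names

    def clsid_exists(guid):
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + guid))
            return True
        except OSError:
            return False

    return snapshot, clsid_exists


# Constructed sample: the three GUIDs come from the OTL fix in this thread; the
# {1111...} CLSID and the BrandBitmap value are invented for illustration.
SAMPLE_SNAPSHOT = {
    TOOLBAR_KEYS[0]: [
        "{2318C2B1-4965-11D4-9B18-009027A5CD4F}",
        "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}",
        "{11111111-2222-3333-4444-555555555555}",
        "BrandBitmap",
    ],
    TOOLBAR_KEYS[1]: ["{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"],
}
SAMPLE_REGISTERED_CLSIDS = {"{11111111-2222-3333-4444-555555555555}"}


def sample_clsid_exists(guid):
    return guid.upper() in SAMPLE_REGISTERED_CLSIDS


if __name__ == "__main__":
    snapshot, exists = (SAMPLE_SNAPSHOT, sample_clsid_exists) if winreg is None else read_live_registry()
    for subkey, guid in find_orphans(snapshot, exists):
        print(f"orphaned toolbar entry: HKCU\\{subkey}\\{guid}")
```

On the sample it reports exactly the three entries the OTL fix removed and stays silent about the registered CLSID and the non-GUID value; on a live XP box it prints whatever HKCU toolbar references currently point at nothing.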

#10
YellowRubberDuck (Member, Topic Starter, 109 posts)
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 3448986 bytes
->Temporary Internet Files folder emptied: 33298 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18467863 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 13842 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08232013_235917

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


#11
YellowRubberDuck (Member, Topic Starter, 109 posts)
Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#12
YellowRubberDuck (Member, Topic Starter, 109 posts)
1) Yes, after removal of Norton, the Microsoft Essential came back up, but it was still turned off even after restarts. And yes, after taking these steps, the computer is running much faster. :thumbsup:

2) When I want to uninstall SP3 in the Add/Remove Programs, there was no "Remove" button at the side. So, I installed Revo Uninstall to remove SP3, hope that was ok.

3) Well, I accidentally installed SP3. I chose to turn off computer with updates installation. My bad, I'm sorry.

4) When I double-clicked IE icon, nothing came up. It can't be loaded. So, I can't check whether it's gone or not.

5) Oh, yeah, the Windows - No Disk error is gone. :happy:

Edited by YellowRubberDuck, 24 August 2013 - 02:05 AM.


#13
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hi again,
I see some good news in your last post, let's continue on with a sweep for anything left over malware wise, then try to fix your Windows issues.

2) When I want to uninstall SP3 in the Add/Remove Programs, there was no "Remove" button at the side. So, I installed Revo Uninstall to remove SP3, hope that was ok.

Not my preferred method of removing the service pack, but if it successfully removed it, then I suppose it's ok.

3) Well, I accidentally installed SP3. I chose to turn off computer with updates installation. My bad, I'm sorry.

No need to apologize, you are more secure with SP3 installed.

5) Oh, yeah, the Windows - No Disk error is gone.

This is good news! :cool: As I thought, that was a symptom of something gone wrong with the SP3 install.

Step 1
Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application. (Do not start the free trial of MalwareBytes Pro at this time, but feel free to do so after we are done)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here, then click the button to launch the scanner.
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use, then click the button to continue.
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the button to start the scan.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click the button to finish.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 3
Upgrade Internet Explorer by going to here and following the instructions to install Internet Explorer 8

Step 4
We need to uninstall and reinstall Microsoft Security Essentials
Please download MSE from here and make sure to save it on your desktop
then uninstall your current version by using Add/Remove programs.
When it's uninstalled please use the downloaded installer to reinstall the AV.

In your next reply I would like to see:
  • MalwareBytes log file
  • ESET online virus scan log - careful here, it's easy to lose this log
  • Does IE work now after the upgrade? Does your Antivirus appear to be working now?


#14
YellowRubberDuck (Member, Topic Starter, 109 posts)
Hi,

1) There was an error when I ran Malwarebytes.

Run-time error '-2147024769 (8007007f)':

Automation error
The specified procedure could not be found.

Should I proceed with step 2 onwards?

#15
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Yes, please proceed with the next step.