Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer is now running slow [Solved]

Started by OCman , Aug 24 2014 09:10 PM

  • This topic is locked This topic is locked

#1
OCman
Posted 24 August 2014 - 09:10 PM

OCman

    Member

  • Member
  • PipPipPip
  • 130 posts

Thanks in advance for your help!!!...peace

 

I rant Malwarebytes Anti-Malware and I had 19 "PUP.Optional." files and that was it.

 

Here is the OTL.txt & Extras.txt logs:

 

 

 

OTL logfile created on: 8/24/2014 7:56:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.66% Memory free
4.84 Gb Paging File | 3.55 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 803.76 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive K: | 930.86 Gb Total Space | 414.79 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive S: | 60.25 Gb Total Space | 53.16 Gb Free Space | 88.24% Space Free | Partition Type: FAT32
 
Computer Name: JERRY-D947B1E63 | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/24 19:53:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
PRC - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe
PRC - [2014/08/15 17:56:51 | 000,408,576 | ---- | M] (NetWork Host Corporation) -- C:\Documents and Settings\All Users\Application Data\Online\sv.exe
PRC - [2014/08/06 20:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2014/06/24 19:44:07 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/05/06 11:44:28 | 013,119,328 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSync.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/02 10:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/23 01:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/16 22:06:38 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/16 22:01:54 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/01/25 16:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 16:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/11/11 18:30:22 | 000,995,328 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2005/11/08 05:30:46 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2005/11/08 05:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/11/08 05:25:46 | 000,716,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/14 11:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
PRC - [1997/08/14 01:20:00 | 002,927,104 | ---- | M] (Starfish Software, Inc.) -- C:\Program Files\Starfish\Sidekick 98\program\sidekick.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe
MOD - [2014/08/06 20:20:55 | 000,353,096 | ---- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 20:20:54 | 014,669,128 | ---- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/08/06 20:20:53 | 008,537,928 | ---- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 20:20:46 | 001,732,936 | ---- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/10/03 15:28:50 | 000,052,736 | ---- | M] () -- C:\Program Files\SugarSync\librsync.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/11/08 05:30:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2002/05/03 14:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [1997/08/14 01:20:00 | 000,265,728 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Sfres.dll
MOD - [1997/08/14 01:20:00 | 000,262,656 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Expense.dll
MOD - [1997/08/14 01:20:00 | 000,155,648 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\SFMAIL.DLL
MOD - [1997/08/14 01:20:00 | 000,154,624 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Ftime.dll
MOD - [1997/08/14 01:20:00 | 000,128,000 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Import.dll
MOD - [1997/08/14 01:20:00 | 000,123,392 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\CTLBAR.dll
MOD - [1997/08/14 01:20:00 | 000,119,808 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Form.dll
MOD - [1997/08/14 01:20:00 | 000,115,200 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Micrdate.dll
MOD - [1997/08/14 01:20:00 | 000,093,184 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\skwmapi.dll
MOD - [1997/08/14 01:20:00 | 000,090,624 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Export.dll
MOD - [1997/08/14 01:20:00 | 000,081,408 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Yintl.dll
MOD - [1997/08/14 01:20:00 | 000,076,288 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Sfexpimp.dll
MOD - [1997/08/14 01:20:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\SPELL32.dll
MOD - [1997/08/14 01:20:00 | 000,055,808 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Truesync.dll
MOD - [1997/08/14 01:20:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Skdlgdll.dll
MOD - [1997/08/14 01:20:00 | 000,016,896 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\Skwvab.dll
MOD - [1997/08/14 01:20:00 | 000,011,264 | ---- | M] () -- C:\Program Files\Starfish\Sidekick 98\program\sfwab.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/08/15 11:48:42 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/04/23 01:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/16 22:06:38 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 21:47:08 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/02/17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 16:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 16:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2003/10/22 09:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/08/24 19:16:09 | 000,052,440 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\xvmsfdt.sys -- (hmso)
DRV - [2014/08/11 03:42:03 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140824.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/08/11 03:42:00 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140824.002\NAVENG.SYS -- (NAVENG)
DRV - [2014/06/11 01:00:00 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/06/11 01:00:00 | 000,109,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/30 13:11:50 | 000,295,936 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sscbfs3.sys -- (SSCBFS3)
DRV - [2012/10/02 23:32:22 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/01/09 17:46:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/16 22:06:40 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/16 22:03:24 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/03/08 13:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 13:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 13:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/28 13:42:26 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/12/18 16:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/02 17:02:10 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/02/27 10:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NvAtaBus.sys -- (nvatabus)
DRV - [2005/11/08 05:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2005/11/08 05:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 05:15:22 | 001,095,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/11/08 05:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 05:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 05:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 05:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/13 02:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/03 15:22:24 | 000,024,059 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cw75.sys -- (Cw75)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011/02/17 17:31:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A4A11FA-65A4-463C-A780-687F422FF489}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/04 08:37:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/24 19:53:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2014/08/24 19:16:09 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xvmsfdt.sys
[2014/08/24 17:39:02 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/24 17:34:44 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/24 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/22 19:49:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry\Recent
[2014/08/15 18:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask
[2014/08/15 17:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UpdateCommon
[2014/08/15 17:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Online
[2014/08/15 17:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Application Data\serv
[2014/08/15 17:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Application Data\device
[2014/08/15 12:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Local Settings\Application Data\Adobe
[2014/08/01 18:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Desktop\Anabolics
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/24 19:53:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\Desktop\OTL.exe
[2014/08/24 19:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/08/24 19:50:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/24 19:50:36 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/24 19:47:46 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-789336058-839522115-1003UA.job
[2014/08/24 19:16:09 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xvmsfdt.sys
[2014/08/24 17:39:22 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/24 17:34:56 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/24 17:01:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/08/24 14:45:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-789336058-839522115-1003Core.job
[2014/08/24 14:28:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/24 14:28:09 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/08/24 14:27:59 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/24 14:27:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/22 20:04:13 | 000,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/08/22 20:04:13 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/08/22 20:04:13 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/08/22 20:04:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/08/22 20:04:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/08/15 11:48:41 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/08/15 11:48:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/08/15 11:48:19 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/24 17:34:56 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/12 08:03:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/28 19:26:17 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/06/26 18:55:45 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Jerry\Application Data\FixVTS.ini
[2010/12/10 18:43:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\housecall.guid.cache
[2010/08/26 18:41:27 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Jerry\default.pls
[2010/07/04 10:19:57 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/06/26 16:09:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 
 
 

OTL Extras logfile created on: 8/24/2014 7:56:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jerry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.66% Memory free
4.84 Gb Paging File | 3.55 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 803.76 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive K: | 930.86 Gb Total Space | 414.79 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive S: | 60.25 Gb Total Space | 53.16 Gb Free Space | 88.24% Space Free | Partition Type: FAT32
 
Computer Name: JERRY-D947B1E63 | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\aol\1278299008\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1278299008\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Documents and Settings\Jerry\Desktop\PDFConverterSetup.exe" = C:\Documents and Settings\Jerry\Desktop\PDFConverterSetup.exe:*:Enabled:InstallCore™
"C:\Program Files\Common Files\AOL\1327887375\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1327887375\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL Desktop 9.7\waol.exe" = C:\Program Files\AOL Desktop 9.7\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser
"C:\Program Files\Common Files\AOL\1330284609\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1330284609\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C5F82A1-F792-48F9-99BE-8AFE123A23D5}" = DISC TITLE PRINTER
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7516254D-7F98-49DD-8209-5D2208BD1033}" = Nero 7 Ultra Edition
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC23FF9A-989C-4DEB-8970-50E6E4862315}" = EOSInfo
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Backup Plus_is1" = Backup Plus v7.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Non Driver CIO Components" = Non Driver CIO Components
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.91
"Sidekick 98" = Sidekick 98
"SugarSync" = SugarSync
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/1/2014 9:45:51 AM | Computer Name = JERRY-D947B1E63 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 6/13/2014 3:16:38 PM | Computer Name = JERRY-D947B1E63 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Malscript in File: C:\Documents and Settings\Jerry\Local
 Settings\Temporary Internet Files\Content.IE5\24CSORG8\u5f32P6[1].js by: Auto-Protect
 scan.  Action: Cleaned by Deletion.  Action Description: The file was deleted successfully.
 
 
 
Error - 7/9/2014 7:28:00 PM | Computer Name = JERRY-D947B1E63 | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 7/9/2014 7:28:08 PM | Computer Name = JERRY-D947B1E63 | Source = Application Hang | ID = 1001
Description = Fault bucket 01973502.
 
Error - 7/24/2014 2:10:32 PM | Computer Name = JERRY-D947B1E63 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x06580ed0.
 
Error - 8/3/2014 8:27:25 PM | Computer Name = JERRY-D947B1E63 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23588, fault address 0x003be303.
 
Error - 8/15/2014 9:02:45 PM | Computer Name = JERRY-D947B1E63 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\Documents and Settings\Jerry\Application
 Data\serv\Yontoo1.exe.download by: Auto-Protect scan.  Action: Quarantine succeeded
 : Access denied.  Action Description: The file was quarantined successfully.    
 
Error - 8/15/2014 9:03:21 PM | Computer Name = JERRY-D947B1E63 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Adware.BL in File: C:\Documents and Settings\Jerry\Application
 Data\serv\Okiitan.exe.download by: Auto-Protect scan.  Action: Cleaned by Deletion.
  Action Description: The file was deleted successfully.    
 
Error - 8/22/2014 10:06:37 PM | Computer Name = JERRY-D947B1E63 | Source = Application Error | ID = 1000
Description = Faulting application vmhost.exe, version 1.0.0.1, faulting module 
mshtml.dll, version 8.0.6001.23588, fault address 0x00088c83.
 
Error - 8/22/2014 10:30:37 PM | Computer Name = JERRY-D947B1E63 | Source = Application Error | ID = 1001
Description = Fault bucket 360603617.
 
[ System Events ]
Error - 7/30/2014 5:21:19 PM | Computer Name = JERRY-D947B1E63 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  eeCtrl  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  SPBBCDrv  SRTSP  SRTSPX  SYMTDI
Tcpip
WPS
 
Error - 7/30/2014 5:22:05 PM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 7/30/2014 5:22:17 PM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 8/16/2014 12:37:34 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
Error - 8/16/2014 1:38:04 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
Error - 8/16/2014 2:38:04 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
Error - 8/16/2014 3:38:04 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
Error - 8/16/2014 4:38:04 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
Error - 8/16/2014 5:38:04 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
Error - 8/16/2014 6:38:04 AM | Computer Name = JERRY-D947B1E63 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
 with DCOM within the required timeout.
 
 
< End of report >

 


  • 0

Advertisements

#2
Biscuithd
Posted 25 August 2014 - 07:01 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, I see a few things. Give me a few hours and I'll be back with a fix, etc. :)


  • 0

#3
Biscuithd
Posted 25 August 2014 - 09:13 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I'm wondering about some of the programs that I see on your computer.

 

sidekick 1997
HP Printer Divers 2005
Creative 2005
Casio from 2003

 

These are quite old and I'm wondering it some updating might be in order for those programs. All are installed and running and "could" be causing your speed issues. Just a thought.

 

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    
:commands

[SetRestorePoint]:otl

PRC - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe

PRC - [2014/08/15 17:56:51 | 000,408,576 | ---- | M] (NetWork Host Corporation) -- C:\Documents and Settings\All Users\Application Data\Online\sv.exe

PRC - [2014/05/06 11:44:28 | 013,119,328 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSync.exe

MOD - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe

MOD - [2013/10/03 15:28:50 | 000,052,736 | ---- | M] () -- C:\Program Files\SugarSync\librsync.dll

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC

IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF

IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF

O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)

[2014/08/24 17:01:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2014/08/24 14:28:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

:files

C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe

C:\Documents and Settings\All Users\Application Data\Online\sv.exe:commands

[resethosts]

[reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
adwcleaner_new.png Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.

 

 

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;

process;

services-list;

systemspecs;

startupall;

skipfix-iedefaults;

firefoxlook;

chromelook;

filesrcm;

installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

 

You should have OTL Moved FIles log for me, JRT log, adwCleaner and ZOEK logs.

 


  • 0

#4
OCman
Posted 26 August 2014 - 06:19 AM

OCman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

When I right clicked on OTL, I wasn't given the option to run as administrator.

 

Should I still copy/paste the script and click run?


  • 0

#5
Biscuithd
Posted 26 August 2014 - 07:13 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

When I right clicked on OTL, I wasn't given the option to run as administrator.

Sorry, that line of the instructions was for non-XP system. Everything else is correct.

 

Yes, proceed with the scans. :)


  • 0

#6
OCman
Posted 26 August 2014 - 10:00 AM

OCman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

JRT does'nt give me the option to run as adminstrator, I can do "run as" then a window pops up and I can select adminstrator, but the login doesn't work.


  • 0

#7
Biscuithd
Posted 26 August 2014 - 10:05 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Same as above and with all of them. XP doesn't require Admin access.
  • 0

#8
OCman
Posted 28 August 2014 - 02:47 PM

OCman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Sorry for the delay!

 

 

========== COMMANDS ==========
Error: Unable to interpret <[SetRestorePoint]:otl> in the current context!
Error: Unable to interpret <PRC - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe> in the current context!
Error: Unable to interpret <PRC - [2014/08/15 17:56:51 | 000,408,576 | ---- | M] (NetWork Host Corporation) -- C:\Documents and Settings\All Users\Application Data\Online\sv.exe> in the current context!
Error: Unable to interpret <PRC - [2014/05/06 11:44:28 | 013,119,328 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSync.exe> in the current context!
Error: Unable to interpret <MOD - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe> in the current context!
Error: Unable to interpret <MOD - [2013/10/03 15:28:50 | 000,052,736 | ---- | M] () -- C:\Program Files\SugarSync\librsync.dll> in the current context!
Error: Unable to interpret <SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] --  -- (Changer)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)> in the current context!
Error: Unable to interpret <[2014/08/24 17:01:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2014/08/24 14:28:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\Online\sv.exe:commands not found.
File\Folder [resethosts] not found.
File\Folder [reboot] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08282014_133127
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Jerry on Thu 08/28/2014 at 13:24:48.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\freerip"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/28/2014 at 13:29:13.87
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v3.308 - Report created 28/08/2014 at 13:34:08
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jerry - JERRY-D947B1E63
# Running from : C:\Documents and Settings\Jerry\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Documents and Settings\All Users\Application Data\NetworkHostTask
Folder Found : C:\Documents and Settings\All Users\Application Data\Online
Folder Found : C:\Documents and Settings\All Users\Application Data\UpdateCommon
Folder Found : C:\Documents and Settings\Jerry\Application Data\Device
Folder Found : C:\Documents and Settings\Jerry\Application Data\serv
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\MGShareware
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\MGShareware
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Viewpoint
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2020 octets] - [28/08/2014 13:34:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2080 octets] ##########
 
 
 
 
 
Zoek.exe v5.0.0.0 Updated 27-08-2014
Tool run by Jerry on Thu 08/28/2014 at 13:38:47.85.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Jerry\My Documents\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/28/2014 1:40:48 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
ACDSee 5.0 Standard  
Acrobat.com  
Adobe AIR  
Adobe Flash Player 14 ActiveX  
Adobe Reader X (10.1.10)  
Apple Application Support  
Apple Software Update  
Backup Plus v7.0  
Broadcom Advanced Control Suite  
Broadcom Gigabit Integrated Controller  
Brother MFL-Pro Suite  
CCleaner  
Compatibility Pack for the 2007 Office system  
Creative MediaSource  
Dell Resource CD  
DVD Decrypter (Remove Only)  
DVD Shrink 3.2  
EasyRecovery Professional  
EOSInfo  
FileHippo.com Update Checker  
Google Chrome  
Google Earth  
Google Update Helper  
High Definition Audio Driver Package - KB835221  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
Hotfix for Windows Media Format 11 SDK (KB929399)  
Hotfix for Windows Media Player 11 (KB939683)  
Hotfix for Windows XP (KB952287)  
Hotfix for Windows XP (KB954550-v5)  
Hotfix for Windows XP (KB961118)  
Hotfix for Windows XP (KB981793)  
hp LaserJet-all-in-one  
HP Software Update  
Java 7 Update 67  
Java Auto Updater  
LiveUpdate 3.3 (Symantec Corporation)  
Malwarebytes Anti-Malware version 2.0.2.1012  
Microsoft .NET Framework 2.0 Service Pack 2  
Microsoft .NET Framework 3.0 Service Pack 2  
Microsoft .NET Framework 3.5 SP1  
Microsoft Compression Client Pack 1.0 for Windows XP  
Microsoft Office Basic Edition 2003  
Microsoft Silverlight  
Microsoft User-Mode Driver Framework Feature Pack 1.0  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MSXML 6 Service Pack 2 (KB973686)  
Nero 7 Ultra Edition  
neroxml  
Non Driver CIO Components  
NVIDIA Drivers  
Octoshape add-in for Adobe Flash Player  
PaperPort  
Personal Ancestral File 5  
QFolder  
QuickTime  
Revo Uninstaller 1.91  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  
Security Update for Microsoft Windows (KB2564958)  
Security Update for Windows Internet Explorer 8 (KB2510531)  
Security Update for Windows Internet Explorer 8 (KB2898785)  
Security Update for Windows Internet Explorer 8 (KB2909210)  
Security Update for Windows Internet Explorer 8 (KB2909921)  
Security Update for Windows Internet Explorer 8 (KB2925418)  
Security Update for Windows Internet Explorer 8 (KB2936068)  
Security Update for Windows Internet Explorer 8 (KB2964358)  
Security Update for Windows Internet Explorer 8 (KB971961)  
Security Update for Windows Internet Explorer 8 (KB981332)  
Security Update for Windows Internet Explorer 8 (KB982381)  
Security Update for Windows Media Player (KB2378111)  
Security Update for Windows Media Player (KB2834904-v2)  
Security Update for Windows Media Player (KB911564)  
Security Update for Windows Media Player (KB952069)  
Security Update for Windows Media Player (KB954155)  
Security Update for Windows Media Player (KB973540)  
Security Update for Windows Media Player (KB975558)  
Security Update for Windows Media Player (KB978695)  
Security Update for Windows Media Player (KB979402)  
Security Update for Windows Media Player 11 (KB954154)  
Security Update for Windows Media Player 6.4 (KB925398)  
Security Update for Windows XP (KB2115168)  
Security Update for Windows XP (KB2229593)  
Security Update for Windows XP (KB2296011)  
Security Update for Windows XP (KB2347290)  
Security Update for Windows XP (KB2387149)  
Security Update for Windows XP (KB2393802)  
Security Update for Windows XP (KB2419632)  
Security Update for Windows XP (KB2423089)  
Security Update for Windows XP (KB2440591)  
Security Update for Windows XP (KB2443105)  
Security Update for Windows XP (KB2478960)  
Security Update for Windows XP (KB2478971)  
Security Update for Windows XP (KB2479943)  
Security Update for Windows XP (KB2481109)  
Security Update for Windows XP (KB2483185)  
Security Update for Windows XP (KB2485663)  
Security Update for Windows XP (KB2506212)  
Security Update for Windows XP (KB2507938)  
Security Update for Windows XP (KB2508429)  
Security Update for Windows XP (KB2509553)  
Security Update for Windows XP (KB2535512)  
Security Update for Windows XP (KB2536276-v2)  
Security Update for Windows XP (KB2544893-v2)  
Security Update for Windows XP (KB2566454)  
Security Update for Windows XP (KB2570947)  
Security Update for Windows XP (KB2584146)  
Security Update for Windows XP (KB2585542)  
Security Update for Windows XP (KB2592799)  
Security Update for Windows XP (KB2598479)  
Security Update for Windows XP (KB2603381)  
Security Update for Windows XP (KB2619339)  
Security Update for Windows XP (KB2620712)  
Security Update for Windows XP (KB2631813)  
Security Update for Windows XP (KB2653956)  
Security Update for Windows XP (KB2655992)  
Security Update for Windows XP (KB2659262)  
Security Update for Windows XP (KB2661637)  
Security Update for Windows XP (KB2676562)  
Security Update for Windows XP (KB2686509)  
Security Update for Windows XP (KB2691442)  
Security Update for Windows XP (KB2698365)  
Security Update for Windows XP (KB2705219-v2)  
Security Update for Windows XP (KB2712808)  
Security Update for Windows XP (KB2719985)  
Security Update for Windows XP (KB2723135-v2)  
Security Update for Windows XP (KB2727528)  
Security Update for Windows XP (KB2757638)  
Security Update for Windows XP (KB2758857)  
Security Update for Windows XP (KB2770660)  
Security Update for Windows XP (KB2780091)  
Security Update for Windows XP (KB2802968)  
Security Update for Windows XP (KB2807986)  
Security Update for Windows XP (KB2813345)  
Security Update for Windows XP (KB2820917)  
Security Update for Windows XP (KB2834886)  
Security Update for Windows XP (KB2845187)  
Security Update for Windows XP (KB2847311)  
Security Update for Windows XP (KB2850869)  
Security Update for Windows XP (KB2859537)  
Security Update for Windows XP (KB2862152)  
Security Update for Windows XP (KB2862330)  
Security Update for Windows XP (KB2862335)  
Security Update for Windows XP (KB2864063)  
Security Update for Windows XP (KB2868038)  
Security Update for Windows XP (KB2868626)  
Security Update for Windows XP (KB2876217)  
Security Update for Windows XP (KB2876331)  
Security Update for Windows XP (KB2892075)  
Security Update for Windows XP (KB2893294)  
Security Update for Windows XP (KB2893984)  
Security Update for Windows XP (KB2898715)  
Security Update for Windows XP (KB2900986)  
Security Update for Windows XP (KB2914368)  
Security Update for Windows XP (KB2916036)  
Security Update for Windows XP (KB2922229)  
Security Update for Windows XP (KB2929961)  
Security Update for Windows XP (KB2930275)  
Security Update for Windows XP (KB923561)  
Security Update for Windows XP (KB941569)  
Security Update for Windows XP (KB946648)  
Security Update for Windows XP (KB950760)  
Security Update for Windows XP (KB950762)  
Security Update for Windows XP (KB950974)  
Security Update for Windows XP (KB951376-v2)  
Security Update for Windows XP (KB951748)  
Security Update for Windows XP (KB952004)  
Security Update for Windows XP (KB952954)  
Security Update for Windows XP (KB955069)  
Security Update for Windows XP (KB956572)  
Security Update for Windows XP (KB956802)  
Security Update for Windows XP (KB956803)  
Security Update for Windows XP (KB956844)  
Security Update for Windows XP (KB958644)  
Security Update for Windows XP (KB958869)  
Security Update for Windows XP (KB959426)  
Security Update for Windows XP (KB960225)  
Security Update for Windows XP (KB960803)  
Security Update for Windows XP (KB960859)  
Security Update for Windows XP (KB961501)  
Security Update for Windows XP (KB969059)  
Security Update for Windows XP (KB970238)  
Security Update for Windows XP (KB970430)  
Security Update for Windows XP (KB971468)  
Security Update for Windows XP (KB971657)  
Security Update for Windows XP (KB972270)  
Security Update for Windows XP (KB973507)  
Security Update for Windows XP (KB973869)  
Security Update for Windows XP (KB973904)  
Security Update for Windows XP (KB974112)  
Security Update for Windows XP (KB974318)  
Security Update for Windows XP (KB974392)  
Security Update for Windows XP (KB974571)  
Security Update for Windows XP (KB975025)  
Security Update for Windows XP (KB975467)  
Security Update for Windows XP (KB975560)  
Security Update for Windows XP (KB975561)  
Security Update for Windows XP (KB975562)  
Security Update for Windows XP (KB975713)  
Security Update for Windows XP (KB977816)  
Security Update for Windows XP (KB977914)  
Security Update for Windows XP (KB978037)  
Security Update for Windows XP (KB978338)  
Security Update for Windows XP (KB978542)  
Security Update for Windows XP (KB978601)  
Security Update for Windows XP (KB978706)  
Security Update for Windows XP (KB979309)  
Security Update for Windows XP (KB979482)  
Security Update for Windows XP (KB979559)  
Security Update for Windows XP (KB979683)  
Security Update for Windows XP (KB979687)  
Security Update for Windows XP (KB980195)  
Security Update for Windows XP (KB980218)  
Security Update for Windows XP (KB980232)  
Security Update for Windows XP (KB981997)  
Security Update for Windows XP (KB982132)  
Security Update for Windows XP (KB982665)  
Sidekick 98  
SigmaTel Audio  
Sound Blaster X-Fi  
SugarSync  
Symantec Endpoint Protection  
Update for Windows Internet Explorer 8 (KB976662)  
Update for Windows Internet Explorer 8 (KB982632)  
Update for Windows XP (KB2345886)  
Update for Windows XP (KB2749655)  
Update for Windows XP (KB2904266)  
Update for Windows XP (KB2934207)  
Update for Windows XP (KB951978)  
Update for Windows XP (KB955759)  
Update for Windows XP (KB967715)  
Update for Windows XP (KB968389)  
Update for Windows XP (KB971029)  
Update for Windows XP (KB971737)  
Update for Windows XP (KB973687)  
Update for Windows XP (KB973815)  
WebFldrs XP  
Windows Genuine Advantage Notifications (KB905474)  
Windows Genuine Advantage Validation Tool (KB892130)  
Windows Imaging Component  
Windows Internet Explorer 8  
Windows Media Format 11 runtime  
Windows Media Player 11  
Windows XP Service Pack 3  
WinZip 11.1  
 
==== Running Processes ======================
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SugarSync\SugarSync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jerry\Desktop\OTL.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jerry\My Documents\Downloads\AdwCleaner.exe
C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerry\My Documents\Downloads\zoek.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
 
==== Services ======================
 
You do not have Microsoft .NET Framework 4.0(or higher) installed.
 
==== System Specs ======================
 
Windows: Windows XP Professional Service Pack 3 (Build 2600)
Memory (RAM): 3070 MB
CPU Info: Intel® Core™2 CPU          6300  @ 1.86GHz
CPU Speed: 1861.4 MHz
Sound Card: SB X-Fi Audio [CCE0] | 
Display Adapters: NVIDIA GeForce 7900 GS | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug and Play Monitor | 
Screen Resolution: 1600 X 1200 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetXtreme 57xx Gigabit Controller - Teefer2 Miniport
CD / DVD Drives: 2x (I: | J: | ) I: _NEC    DVD+-RW ND-3650A | J: SONY    DVD-ROM DDU1615S
Ports: COM1 | COM3 LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  931.5GB | K:  930.9GB | S:  60.3GB
Hard Disks - Free: C:  803.3GB | K:  414.8GB | S:  53.2GB
Manufacturer *: Dell Inc.                
BIOS Info: AT/AT COMPATIBLE | 05/07/07 | DELL   - 14
Time Zone: Pacific Standard Time
Motherboard *: Dell Inc.           0YF432
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Symantec Endpoint Protection On-access scanning disabled (Updated)
Firewall: Norton AntiVirus enabled
Firewall: Symantec Endpoint Protection disabled
Internet Explorer version: 8.0.6001.18702 
Google Chrome version: 36.0.1985.143
Adobe Reader version: 10.1.10.18
Sun Java version: 1.7.0_67 (32-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\DOCUME~1\Jerry\LOCALS~1\Temp ====
2014-08-26 15:55:56 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2014-08-28 20:35:02 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\WINDOWS\System32\sqlite3.dll
2014-08-28 19:41:45 6818CC5AEB477497480269CE627DDF17 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl
2014-08-28 19:41:45 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\WINDOWS\System32\javaws.exe
2014-08-28 19:41:36 49E203776C2ACB289385168A9058EE9E 96680 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2014-08-28 19:41:36 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\WINDOWS\System32\javaw.exe
2014-08-28 19:41:36 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\WINDOWS\System32\java.exe
====== C:\WINDOWS\system32\drivers =====
2014-08-25 00:39:02 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-08-25 00:34:44 AED25CDB09FB4E56F45DAF6C9A1D3ED3 53208 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-08-28 19:41:54 -------- d-----w- C:\Program Files\Common Files\Java
======= C: =====
====== C:\Documents and Settings\Jerry\Application Data ======
2014-08-26 16:00:19 88CF0FF92A4A9FA7BD9B7513B2E9E22B 62 --sha-w- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2014-08-26 16:00:19 -------- d-s---w- C:\Documents and Settings\Administrator\Application Data\Microsoft
2014-08-26 16:00:19 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
2014-08-26 16:00:19 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-08-16 00:56:42 -------- d-----w- C:\Documents and Settings\Jerry\Application Data\serv
2014-08-16 00:56:42 -------- d-----w- C:\Documents and Settings\Jerry\Application Data\device
2014-08-15 19:43:07 -------- d-----w- C:\Documents and Settings\Jerry\Local Settings\Application Data\Adobe
====== C:\Documents and Settings\Jerry ======
2014-08-26 16:00:20 CBDA6984D2ECC537AEF07205AE001013 178 --sha-w- C:\Documents and Settings\Administrator\ntuser.ini
2014-08-26 16:00:19 -------- d-sh--w- C:\Documents and Settings\Administrator\Cookies
2014-08-26 16:00:19 -------- d--h--r- C:\Documents and Settings\Administrator\Application Data
2014-08-26 16:00:19 -------- d-----w- C:\Documents and Settings\Administrator\Favorites
2014-08-26 16:00:19 -------- d-----w- C:\Documents and Settings\Administrator\Desktop
2014-08-26 16:00:18 -------- d--h--w- C:\Documents and Settings\Administrator\Templates
2014-08-26 16:00:18 -------- d--h--w- C:\Documents and Settings\Administrator\Recent
2014-08-26 16:00:18 -------- d--h--w- C:\Documents and Settings\Administrator\PrintHood
2014-08-26 16:00:18 -------- d--h--w- C:\Documents and Settings\Administrator\NetHood
2014-08-26 16:00:18 -------- d--h--w- C:\Documents and Settings\Administrator\Local Settings
2014-08-26 16:00:18 -------- d--h--r- C:\Documents and Settings\Administrator\SendTo
2014-08-26 16:00:18 -------- d-----w- C:\Documents and Settings\Administrator\My Documents
2014-08-26 16:00:18 -------- d-----r- C:\Documents and Settings\Administrator\Start Menu
2014-08-26 15:54:40 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Documents and Settings\Jerry\Desktop\JRT.exe
2014-08-25 02:53:47 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Documents and Settings\Jerry\Desktop\OTL.exe
2014-08-23 02:49:02 -------- d--h--r- C:\Documents and Settings\Jerry\Recent
 
====== C: exe-files ==
2014-08-28 20:33:32 32BF8709615B32AE0F37E36D71DCB91D 242552 ----a-w- C:\Documents and Settings\Jerry\My Documents\Downloads\Setup (1).exe
2014-08-28 20:33:23 9DED4724D695CFB01960426DA011ABAE 1364531 ----a-w- C:\Documents and Settings\Jerry\My Documents\Downloads\AdwCleaner.exe
2014-08-28 19:41:45 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\WINDOWS\system32\javaws.exe
2014-08-28 19:41:36 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\WINDOWS\system32\javaw.exe
2014-08-28 19:41:36 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\WINDOWS\system32\java.exe
2014-08-28 19:39:19 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\Jerry\Application Data\Sun\Java\jre1.7.0_67\lzma.exe
2014-08-26 15:55:56 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\erunt\ERUNT.EXE
2014-08-26 15:54:40 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Documents and Settings\Jerry\Desktop\JRT.exe
2014-08-25 02:53:47 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Documents and Settings\Jerry\Desktop\OTL.exe
2014-08-25 02:53:20 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Documents and Settings\Jerry\My Documents\Downloads\OTL.exe
2014-08-24 21:37:17 9456914D9477092914E7C786AD2A99CA 354304 ----a-w- C:\Avenger\vxhost.exe
=== C: other files ==
2014-08-26 15:55:55 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\TDL4.bat
2014-08-26 15:55:55 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\medfos.bat
2014-08-26 15:55:55 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\modules.bat
2014-08-26 15:55:55 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\searchlnk.bat
2014-08-26 15:55:55 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\firefox.bat
2014-08-26 15:55:55 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\ev_clear.bat
2014-08-26 15:55:55 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\runvalues.bat
2014-08-26 15:55:55 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\delorphans.bat
2014-08-26 15:55:55 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\get.bat
2014-08-26 15:55:55 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\prelim.bat
2014-08-26 15:55:55 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\chrome.bat
2014-08-26 15:55:55 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\misc.bat
2014-08-26 15:55:55 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\ask.bat
2014-08-26 15:55:55 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\iexplore.bat
2014-08-26 15:55:55 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\JRT.bat
2014-08-26 15:55:55 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\FWPolicy.bat
2014-08-26 15:55:55 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Documents and Settings\Jerry\Local Settings\temp\jrt\delfolders.bat
2014-08-25 02:38:46 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\2YQ58D2Z\www.robinsweb[1].com
2014-08-25 02:37:15 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\LAD4MOLQ\www.myfreecalendarmaker[1].com
2014-08-25 02:36:55 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\OZ2EPRDE\www.numismedia[1].com
2014-08-25 02:34:09 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\XE21WDK7\www.themeworld[2].com
2014-08-25 02:32:25 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\E0CIFDHU\www.fun-with-words[1].com
2014-08-25 02:26:54 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\YWS6C127\www.studyworld[1].com
2014-08-25 02:26:28 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\E0CIFDHU\www.cartoonclipartworld[1].com
2014-08-25 02:13:40 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\7NS0RUEY\www.healingnaturallybybee[1].com
2014-08-25 02:13:12 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\OLIJH9L5\www.clubprotege[1].com
2014-08-25 02:13:09 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\YWS6C127\www.militarysos[1].com
2014-08-25 02:07:35 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\OP2HUWZ2\www.tattoostime[1].com
2014-08-25 02:06:20 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\M9BN01K4\www.marketingpower[1].com
2014-08-25 00:39:02 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2014-08-25 00:34:44 AED25CDB09FB4E56F45DAF6C9A1D3ED3 53208 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-08-25 00:32:41 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\5JXK3AJA\www.celebrity-sunglasses-finder[1].com
2014-08-25 00:06:19 DCED0FFC82FD9DC9F2265CE1D3BD3BF2 14669 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\YWS6C127\pixel[1].com
2014-08-24 22:37:01 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\U6FSUKQI\www.recipecircus[1].com
2014-08-24 22:36:31 4AE62FEF367533EDD03A810E3520A4F5 8 ----a-w- C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\E2AJV7P8\www.designformankind[1].com
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\run]
"Backblaze"="C:\Program Files\Backblaze\bzbui.exe -quiet"
 
[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SugarSync"="C:\Program Files\SugarSync\SugarSync.exe -startInTray -usedelay=true"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Google Update"="C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\run]
"Backblaze"="C:\Program Files\Backblaze\bzbui.exe -quiet"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe /r"
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -1 AudioDrvEmulator C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\WINDOWS\UpdReg.EXE"
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"SetDefPrt"="C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe"
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SugarSync"="C:\Program Files\SugarSync\SugarSync.exe -startInTray -usedelay=true"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Google Update"="C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AOL 9.5\\AOL.EXE\" -b"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1278299008\\ee\\AOLSoftware.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OrderReminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OrderReminder"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\OrderReminder\\OrderReminder\\OrderReminder.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StatusClient 2.6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StatusClient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\StatusClient\\StatusClient.exe /auto"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomcatStartup 2.5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpbpsttp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\hpbpsttp.exe"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Jerry^Start Menu^Programs^Startup^Timed Backups Manager StartUp.lnk]
"path"="C:\\Documents and Settings\\Jerry\\Start Menu\\Programs\\Startup\\Timed Backups Manager StartUp.lnk"
"backup"="C:\\WINDOWS\\pss\\Timed Backups Manager StartUp.lnkStartup"
"command"="C:\\PROGRA~1\\BACKUP~1\\BackTime.exe "
"item"="Timed Backups Manager StartUp"
 
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/15/2014 11:48 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:q0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/07/2012 05:45 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-789336058-839522115-1003Core.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-789336058-839522115-1003UA.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ C:\WINDOWS\system32\xp_eos.exe [02/25/2014 06:59 PM]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\WINDOWS\system32\xp_eos.exe [02/25/2014 06:59 PM]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [06/27/2011 08:30 PM]
 
==== Chrome Look ======================
 
Google Voice Search Hotword (Beta) - Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Startpages ======================
 
C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ],
 
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search"
{76E9350E-0392-9C19-F83A-99BC015260AF} Bing  Url="http://www.bing.com/...39&form=ZGAIDF"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Thu 08/28/2014 at 13:43:34.40 ======================
 
 
 
 
 

  • 0

#9
Biscuithd
Posted 29 August 2014 - 07:57 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

My apologies, I had an error in my initial script. Could you re-run this one piece and post the results.

 

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
     

:commands

[SetRestorePoint]
 
:otl

PRC - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe

PRC - [2014/08/15 17:56:51 | 000,408,576 | ---- | M] (NetWork Host Corporation) -- C:\Documents and Settings\All Users\Application Data\Online\sv.exe

PRC - [2014/05/06 11:44:28 | 013,119,328 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSync.exe

MOD - [2014/08/24 14:37:18 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe

MOD - [2013/10/03 15:28:50 | 000,052,736 | ---- | M] () -- C:\Program Files\SugarSync\librsync.dll

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC

IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF

IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF

O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)

[2014/08/24 17:01:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2014/08/24 14:28:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

 
:files

C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe

C:\Documents and Settings\All Users\Application Data\Online\sv.exe
 
:commands

[resethosts]

[reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

 

Please include the content of this logfile in your next reply.


  • 0

#10
OCman
Posted 29 August 2014 - 08:33 AM

OCman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
========== COMMANDS ==========
Error: Unable to interpret <[SetRestorePoint]> in the current context!
========== OTL ==========
No active process named vxhost.exe was found!
No active process named sv.exe was found!
No active process named SugarSync.exe was found!
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
File %SystemRoot%\System32\hidserv.dll not found.
Error: No service named WDICA was found to stop!
Service\Driver key WDICA not found.
Error: No service named wanatw was found to stop!
Service\Driver key wanatw not found.
File system32\DRIVERS\wanatw4.sys not found.
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named SymIM was found to stop!
Service\Driver key SymIM not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named PDRFRAME was found to stop!
Service\Driver key PDRFRAME not found.
Error: No service named PDRELI was found to stop!
Service\Driver key PDRELI not found.
Error: No service named PDFRAME was found to stop!
Service\Driver key PDFRAME not found.
Error: No service named PDCOMP was found to stop!
Service\Driver key PDCOMP not found.
Error: No service named PCIDump was found to stop!
Service\Driver key PCIDump not found.
Error: No service named lbrtfdc was found to stop!
Service\Driver key lbrtfdc not found.
Error: No service named i2omgmt was found to stop!
Service\Driver key i2omgmt not found.
Error: No service named Changer was found to stop!
Service\Driver key Changer not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76E9350E-0392-9C19-F83A-99BC015260AF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SugarSync not found.
File C:\Program Files\SugarSync\SugarSync.exe not found.
File C:\WINDOWS\System32\d3d9caps.dat not found.
C:\WINDOWS\system32\wpa.dbl moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\NetworkHostTask\vxhost.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\Online\sv.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 08292014_072841

Edited by OCman, 29 August 2014 - 08:34 AM.

  • 0

Advertisements

#11
Biscuithd
Posted 29 August 2014 - 08:35 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

You can find it here. c: _OTL\MovedFiles directory on your main drive as (date)_(time).log.


  • 0

#12
OCman
Posted 29 August 2014 - 08:37 AM

OCman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

yes, i found the file and edited my post above.


  • 0

#13
Biscuithd
Posted 29 August 2014 - 08:39 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

i found the file

Good!

 

How the machine running now?


  • 0

#14
OCman
Posted 29 August 2014 - 09:04 AM

OCman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Seems good, but I'm leaving for the weekend right now. I will really check it out on Monday and get back to you.

 

Thanks for your help!

 

peace


  • 0

#15
Biscuithd
Posted 29 August 2014 - 09:05 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, talk to you then! :)

 

You're welcome!


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP