Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Redirects & Can't Run Malewarebytes Update

Started by ChrisPittts , Aug 07 2011 09:11 AM

  • This topic is locked This topic is locked

#91
ChrisPittts
Posted 26 August 2011 - 08:49 PM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
OTL logfile created on: 8/27/2011 10:38:04 AM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Michael Belmont\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 148.71 Mb Available Physical Memory | 29.54% Memory free
1.20 Gb Paging File | 0.87 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.85 Gb Total Space | 12.03 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: MJ-BEB851079773 | User Name: Michael Belmont | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\hp print screen utility\prnsys.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL ()
MOD - C:\Program Files\Hewlett-Packard\hp print screen utility\stringres.dll ()
MOD - C:\Program Files\Hewlett-Packard\hp print screen utility\prnsys.exe ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (nosGetPlusHelper) getPlus® -- File not found
SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl4cf91773) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F3CB0BF-971C-4A90-B704-EB30AB536D63}\MpKsl4cf91773.sys (Microsoft Corporation)
DRV - (MpKsle26d049b) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F3CB0BF-971C-4A90-B704-EB30AB536D63}\MpKsle26d049b.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-448539723-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-113007714-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.oblates....sian_quote.php"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 14:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/23 14:30:42 | 000,000,000 | ---D | M]

[2010/03/19 12:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Extensions
[2011/08/27 10:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\extensions
[2011/07/31 18:33:58 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\extensions\[email protected]
[2011/08/09 16:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 13:59:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 07:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/09 16:11:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\prnsys.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueZone Session Manager.LNK = C:\Program Files\SEAGULL\BlueZone\BZSM.EXE (Seagull Software Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-113007714-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/05 11:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/10 13:34:09 | 000,002,147 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/27 10:36:01 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe
[2011/08/16 22:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/08/16 20:57:46 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/08/14 08:10:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/14 08:08:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/08/14 08:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/08/14 08:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/08/14 08:06:41 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/08/14 08:06:40 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/08/14 08:06:40 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/08/14 08:06:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/08/14 08:06:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/08/14 08:06:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/08/14 08:06:39 | 000,000,000 | ---D | C] -- C:\9d9d958b19735ff0d70eebc46e3f
[2011/08/14 08:05:07 | 000,000,000 | ---D | C] -- C:\0ff7295ea5ebd7c650a1a0a46583f79b
[2011/08/14 08:04:56 | 000,000,000 | ---D | C] -- C:\6b890c6c3a02bd6d90432396
[2011/08/14 07:58:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Belmont\Recent
[2011/08/11 13:42:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/11 13:41:55 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 13:40:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/09 16:30:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/09 16:27:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/09 16:27:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/09 16:27:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/09 16:27:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/09 16:27:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/09 16:27:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/09 16:27:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael Belmont\Start Menu\Programs\Administrative Tools
[2011/08/09 16:09:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/09 16:07:19 | 000,000,000 | ---D | C] -- C:\2ff5a2b8e12ee606e568002813df103b
[2011/08/09 16:03:45 | 000,000,000 | ---D | C] -- C:\32ada37ebc0a802f5407f0
[2011/08/09 16:03:35 | 000,000,000 | ---D | C] -- C:\413584e0a82357ba95a1
[2011/07/31 18:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Application Data\Malwarebytes
[2011/07/31 18:44:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 18:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 18:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/07/31 18:44:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 18:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell Wireless
[2011/07/31 18:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Start Menu\Programs\Dell Inc
[2011/07/31 17:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Deployment
[2011/07/31 17:38:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/31 17:37:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/31 17:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/28 15:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Activision Value
[2011/07/28 13:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Imagineering
[2004/11/29 19:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll

========== Files - Modified Within 30 Days ==========

[2011/08/27 10:37:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/27 10:36:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Belmont\Desktop\OTL.exe
[2011/08/27 10:31:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/26 06:06:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006UA.job
[2011/08/26 05:31:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003UA.job
[2011/08/26 05:29:40 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/26 05:29:38 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Desktop\Google Chrome.lnk
[2011/08/26 05:03:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/26 05:03:44 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/26 03:52:25 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003Core.job
[2011/08/26 03:52:25 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006Core.job
[2011/08/14 08:10:24 | 000,435,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/14 08:10:24 | 000,068,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 16:30:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/09 16:11:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/31 18:25:58 | 000,056,802 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml
[2011/07/28 15:11:42 | 000,000,129 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/07/28 13:38:21 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 13:38:20 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/07/28 13:38:18 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/07/28 13:37:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\EReg515.dat
[2011/07/28 13:32:52 | 000,000,172 | ---- | M] () -- C:\WINDOWS\disneysy.ini
[2011/07/28 13:13:46 | 000,000,500 | ---- | M] () -- C:\WINDOWS\hegames.ini

========== Files Created - No Company Name ==========

[2011/08/09 16:30:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/09 16:30:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/09 16:27:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/09 16:27:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/09 16:27:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/09 16:27:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/09 16:27:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/31 17:58:43 | 000,056,802 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml
[2011/07/28 13:37:58 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 13:37:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/07/28 13:37:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/07/28 13:37:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2011/07/28 13:33:24 | 000,000,129 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011/07/28 13:32:33 | 000,000,172 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011/03/24 12:03:22 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 13:09:31 | 000,000,313 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/07/16 09:06:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/22 19:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/21 16:07:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/04/21 16:05:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/04/19 16:11:57 | 000,001,426 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2010/04/11 15:48:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/04/10 17:23:21 | 000,000,411 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/03/19 14:01:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/03/19 14:01:35 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/03/19 14:01:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/03/19 12:47:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/13 01:14:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 01:06:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/12 16:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/12 16:44:11 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 18:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 18:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,435,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,068,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 14:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2003/08/18 06:55:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/08/18 06:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

< End of report >
OTL Extras logfile created on: 8/27/2011 10:38:04 AM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Michael Belmont\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 148.71 Mb Available Physical Memory | 29.54% Memory free
1.20 Gb Paging File | 0.87 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.85 Gb Total Space | 12.03 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: MJ-BEB851079773 | User Name: Michael Belmont | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}" = hp deskjet 6122
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.1
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 6122 series_Driver" = hp deskjet 6122 series
"hp print screen utility" = hp print screen utility
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-113007714-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Progress Bar" = Progress Bar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2011 10:31:39 PM | Computer Name = MJ-BEB851079773 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80040154, P2 cocreateinstance(updatesearcher),
P3 initialize, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security
essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 8/24/2011 10:32:41 AM | Computer Name = MJ-BEB851079773 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040154.

Error - 8/24/2011 10:32:41 AM | Computer Name = MJ-BEB851079773 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 8/24/2011 10:32:48 AM | Computer Name = MJ-BEB851079773 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 8/26/2011 5:19:08 AM | Computer Name = MJ-BEB851079773 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/26/2011 5:27:23 AM | Computer Name = MJ-BEB851079773 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/26/2011 5:29:44 AM | Computer Name = MJ-BEB851079773 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/26/2011 5:39:12 AM | Computer Name = MJ-BEB851079773 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/26/2011 5:39:36 AM | Computer Name = MJ-BEB851079773 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/27/2011 10:43:37 AM | Computer Name = MJ-BEB851079773 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 2/25/2011 5:04:50 PM | Computer Name = MJ-BEB851079773 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27885
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/26/2011 5:38:41 AM | Computer Name = MJ-BEB851079773 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 8/26/2011 5:38:41 AM | Computer Name = MJ-BEB851079773 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/26/2011 5:39:11 AM | Computer Name = MJ-BEB851079773 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 8/26/2011 5:39:12 AM | Computer Name = MJ-BEB851079773 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.709.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80080005 Error
description: Server execution failed

Error - 8/27/2011 10:32:09 AM | Computer Name = MJ-BEB851079773 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/27/2011 10:42:26 AM | Computer Name = MJ-BEB851079773 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/27/2011 10:42:56 AM | Computer Name = MJ-BEB851079773 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 8/27/2011 10:42:56 AM | Computer Name = MJ-BEB851079773 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/27/2011 10:43:26 AM | Computer Name = MJ-BEB851079773 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 8/27/2011 10:43:26 AM | Computer Name = MJ-BEB851079773 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.709.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80080005 Error
description: Server execution failed


< End of report >
  • 0

Advertisements

#92
SweetTech
Posted 29 August 2011 - 10:36 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

From a malware point of view, your logs look pretty good, and I'm not seeing any signs of malware in them. The issues you are experiencing with slowness could be due to the amount of RAM installed on your computer. But there is a possibility that it could be an issue with your system. You may want to post in the Windows XP forum and see what the techs have to say about it.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
[ClearAllRestorePoints]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#93
ChrisPittts
Posted 29 August 2011 - 11:10 AM

ChrisPittts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Thanks again for everything!!!!!!
  • 0

#94
SweetTech
Posted 29 August 2011 - 11:17 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
No problem! I'm glad to have been of assistance! Please take good care!

Kindest Regards,
ST.
  • 0

#95
SweetTech
Posted 29 August 2011 - 11:24 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP