
cannot access antivirus websites [Closed]
Started by andrerousselle123, Mar 23 2013 12:05 AM
#1
Posted 23 March 2013 - 12:05 AM

#2
Posted 23 March 2013 - 07:41 AM

Hi, I will need to have a look at your system.
Download OTL to your Desktop
Secondary link
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
#3
Posted 23 March 2013 - 09:13 AM

OTL logfile created on: 3/23/2013 12:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 116.54 Mb Available Physical Memory | 22.85% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 54.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 34.97 Gb Free Space | 46.94% Space Free | Partition Type: NTFS
Drive D: | 62.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ANDRE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/23 11:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/03/13 17:25:17 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/03/07 20:02:42 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/06 08:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/01/24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/09/05 11:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/12 16:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 13:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 13:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/20 10:17:33 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/07 20:02:40 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/22 11:48:22 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\2f9c4ac40873ab429468473c4046dc81\System.ni.dll
MOD - [2010/08/22 11:47:45 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\98429e84777ec8449f41710ded0fe84c\mscorlib.ni.dll
MOD - [2010/08/22 11:46:22 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2008/05/29 22:42:12 | 000,060,416 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/20 10:17:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 20:02:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/09/05 11:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/14 08:00:00 | 000,157,221 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\bnlkm.dll -- (yfvtlonf)
SRV - [2006/10/12 13:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2006/09/13 05:00:00 | 000,173,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0330Vid.sys -- (V0330VID)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...77-8B1F6F645AD5
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\URLSearchHook: {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0A5001320BE0E55
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...75-688649A8E7A7
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66}: "URL" = http://websearch.qby...BC-9BFF238883C9
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...648740061937114
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ca
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..CT3268934.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...74095082892663"
FF - prefs.js..browser.search.selectedEngine: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.condui...7-8B1F6F645AD5"
FF - prefs.js..extensions.enabledAddons: %7B7B58BD19-E278-444F-A5DD-13B1C38B47F0%7D:2.1.3
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B7f7f82f1-7c95-47cd-814f-950b56d58fc3%7D:10.14.42.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...95082892663&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/23 02:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/14 06:58:23 | 000,000,000 | ---D | M]
[2010/03/11 23:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/03/23 02:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions
[2013/03/23 02:48:03 | 000,000,000 | ---D | M] (Vgrabber v1) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
[2013/03/15 23:08:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2013/02/16 19:39:40 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2012/12/13 16:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2013/02/23 19:04:15 | 000,157,635 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\{7B58BD19-E278-444F-A5DD-13B1C38B47F0}.xpi
[2012/04/09 16:39:58 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\askcom.xml
[2013/03/23 02:48:06 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\conduit.xml
[2010/09/22 20:46:05 | 000,008,818 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\qbyrd.xml
[2013/03/07 20:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 20:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/03/07 20:02:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/15 23:08:57 | 000,006,507 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/10/13 11:17:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 11:35:07 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/23 02:29:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\Toolbar\WebBrowser: (Vgrabber v1 Toolbar) - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Facebook Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [SearchProtect] C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Spark] C:\Program Files\Spark\Spark.exe (Jive Software)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Yontoo Desktop] C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} http://10.20.193.11/...rols/ssTree.cab (Infragistics ActiveTreeView Control)
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} http://10.20.193.11/...rols/iemenu.cab (PopupMenu Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {977DBE03-F527-11D3-8F03-00C04FA3EB91} http://10.20.193.11/...ols/RtdCtrl.cab (RtdControl Class)
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} http://10.20.193.11/...eXViewerMod.cab (Crystal ActiveX Report Viewer Control 10.0)
O16 - DPF: {A3CAD586-00EF-4AEA-A6D4-C2E6B2D80915} http://10.20.193.11/...WrapperCtrl.CAB (ChartWrapperCtrl.ChartWrapperControl)
O16 - DPF: {BB710F17-F848-45AD-B1A4-A5244E944770} http://10.20.193.11/...rols/HRCtrl.CAB (HRCtrl.CtrlManager)
O16 - DPF: {BFC68136-FD58-466E-9377-AF523065C661} http://10.20.193.11/.../DTPWrapper.CAB (DTPWrapper.DTPickerCtrl)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ED0BBA7-C09A-43C0-AAD9-B7CF94E8FAA8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 00:34:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/20 23:59:16 | 000,000,044 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: yfvtlonf - C:\WINDOWS\system32\bnlkm.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/23 12:00:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/23 02:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Video Downloader
[2013/03/23 02:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\vGrabber-software
[2013/03/23 02:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/03/23 02:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/03/23 02:46:37 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/03/23 02:46:36 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/03/23 02:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SearchProtect
[2013/03/23 02:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Vgrabber_v1
[2013/03/23 02:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2013/03/23 02:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Vgrabber_v1
[2013/03/23 02:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2013/03/23 02:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/23 02:15:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/23 02:12:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/23 02:12:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/23 02:12:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/23 02:12:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/23 02:12:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/23 02:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/21 18:18:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/03/21 18:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2013/03/20 10:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2013/03/20 10:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/20 10:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/03/20 10:17:34 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/17 23:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2013
[2013/03/17 23:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/03/15 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2013/03/15 23:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013/03/15 23:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/15 23:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2013/03/15 23:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yontoo
[2013/03/15 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/03/15 23:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/03/15 23:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013/03/15 23:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013/03/15 23:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\hdvidcodec.com
[2013/03/09 22:28:18 | 000,000,000 | ---D | C] -- C:\found.002
[2013/03/07 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/23 12:09:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/03/23 11:51:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 11:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/23 11:23:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1957994488-1606980848-1003UA.job
[2013/03/23 02:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2013/03/23 02:53:39 | 000,085,509 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2013/03/23 02:53:33 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Video Downloader.lnk
[2013/03/23 02:48:20 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/23 02:40:46 | 001,169,609 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2013/03/23 02:29:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/23 02:15:51 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2013/03/23 01:16:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 01:16:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/22 20:23:05 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1957994488-1606980848-1003Core.job
[2013/03/21 17:30:23 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/20 17:14:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/20 10:17:41 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:41 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:34 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/20 10:17:34 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/20 10:12:17 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HDVidCodec.lnk
[2013/03/20 00:16:01 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\March 11-15 call stats.rpt
[2013/03/19 08:39:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/19 08:20:03 | 001,773,990 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Stormy and snoop.jpg
[2013/03/06 06:38:36 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/03/06 06:38:36 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/23 02:53:38 | 001,169,609 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/03/23 02:53:37 | 000,085,509 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/03/23 02:53:30 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Video Downloader.lnk
[2013/03/23 02:48:19 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/23 02:44:27 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2013/03/23 02:15:51 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2013/03/23 02:15:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/23 02:12:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/23 02:12:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/23 02:12:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/23 02:12:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/23 02:12:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/20 10:17:41 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:41 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:36 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/20 00:16:01 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\March 11-15 call stats.rpt
[2013/03/19 08:20:03 | 001,773,990 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Stormy and snoop.jpg
[2013/03/15 23:10:15 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/03/15 23:07:33 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HDVidCodec.lnk
[2011/05/10 21:50:24 | 000,515,072 | -HS- | C] () -- C:\WINDOWS\dx8vbwow.exe
[2011/04/24 23:17:28 | 000,005,758 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
[2011/04/24 23:01:30 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/03/17 13:26:39 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Owner\userdic.tlx
[2010/03/12 11:56:03 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2010/08/22 11:46:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 08:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Base Services ==========
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 08:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 08:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 08:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/14 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 08:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2012/12/18 10:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\erdnt\cache\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\dllcache\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
< MD5 for: SERVICES.HTML >
[2010/09/14 20:51:10 | 000,009,413 | ---- | M] () MD5=87B4E3C3353C61B32677D5BD33118676 -- C:\Documents and Settings\Owner\My Documents\My Pictures\Robin's Work Folder\Jody's site\services.html
< MD5 for: SERVICES.LNK >
[2010/03/12 00:34:20 | 000,001,602 | ---- | M] () MD5=E8A020D15950F96A039345E9A961CD47 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 116.54 Mb Available Physical Memory | 22.85% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 54.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 34.97 Gb Free Space | 46.94% Space Free | Partition Type: NTFS
Drive D: | 62.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ANDRE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/23 11:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/03/13 17:25:17 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/03/07 20:02:42 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/06 08:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/01/24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/09/05 11:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/12 16:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 13:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 13:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/20 10:17:33 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/07 20:02:40 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/22 11:48:22 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\2f9c4ac40873ab429468473c4046dc81\System.ni.dll
MOD - [2010/08/22 11:47:45 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\98429e84777ec8449f41710ded0fe84c\mscorlib.ni.dll
MOD - [2010/08/22 11:46:22 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2008/05/29 22:42:12 | 000,060,416 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/20 10:17:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 20:02:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/09/05 11:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/14 08:00:00 | 000,157,221 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\bnlkm.dll -- (yfvtlonf)
SRV - [2006/10/12 13:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2006/09/13 05:00:00 | 000,173,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0330Vid.sys -- (V0330VID)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...77-8B1F6F645AD5
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 65 5B 12 92 3C E7 4A BF 1C 70 F2 AF 7B E2 3F [binary data]
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\URLSearchHook: {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0A5001320BE0E55
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...75-688649A8E7A7
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66}: "URL" = http://websearch.qby...BC-9BFF238883C9
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...648740061937114
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ca
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..CT3268934.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...74095082892663"
FF - prefs.js..browser.search.selectedEngine: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.condui...7-8B1F6F645AD5"
FF - prefs.js..extensions.enabledAddons: %7B7B58BD19-E278-444F-A5DD-13B1C38B47F0%7D:2.1.3
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B7f7f82f1-7c95-47cd-814f-950b56d58fc3%7D:10.14.42.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...95082892663&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/23 02:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/14 06:58:23 | 000,000,000 | ---D | M]
[2010/03/11 23:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/03/23 02:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions
[2013/03/23 02:48:03 | 000,000,000 | ---D | M] (Vgrabber v1) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
[2013/03/15 23:08:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2013/02/16 19:39:40 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2012/12/13 16:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2013/02/23 19:04:15 | 000,157,635 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\{7B58BD19-E278-444F-A5DD-13B1C38B47F0}.xpi
[2012/04/09 16:39:58 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\askcom.xml
[2013/03/23 02:48:06 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\conduit.xml
[2010/09/22 20:46:05 | 000,008,818 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\qbyrd.xml
[2013/03/07 20:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 20:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/03/07 20:02:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/15 23:08:57 | 000,006,507 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/10/13 11:17:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 11:35:07 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/23 02:29:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\Toolbar\WebBrowser: (Vgrabber v1 Toolbar) - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Facebook Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [SearchProtect] C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Spark] C:\Program Files\Spark\Spark.exe (Jive Software)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Yontoo Desktop] C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} http://10.20.193.11/...rols/ssTree.cab (Infragistics ActiveTreeView Control)
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} http://10.20.193.11/...rols/iemenu.cab (PopupMenu Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {977DBE03-F527-11D3-8F03-00C04FA3EB91} http://10.20.193.11/...ols/RtdCtrl.cab (RtdControl Class)
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} http://10.20.193.11/...eXViewerMod.cab (Crystal ActiveX Report Viewer Control 10.0)
O16 - DPF: {A3CAD586-00EF-4AEA-A6D4-C2E6B2D80915} http://10.20.193.11/...WrapperCtrl.CAB (ChartWrapperCtrl.ChartWrapperControl)
O16 - DPF: {BB710F17-F848-45AD-B1A4-A5244E944770} http://10.20.193.11/...rols/HRCtrl.CAB (HRCtrl.CtrlManager)
O16 - DPF: {BFC68136-FD58-466E-9377-AF523065C661} http://10.20.193.11/.../DTPWrapper.CAB (DTPWrapper.DTPickerCtrl)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ED0BBA7-C09A-43C0-AAD9-B7CF94E8FAA8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 00:34:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/20 23:59:16 | 000,000,044 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: yfvtlonf - C:\WINDOWS\system32\bnlkm.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/23 12:00:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/23 02:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Video Downloader
[2013/03/23 02:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\vGrabber-software
[2013/03/23 02:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/03/23 02:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/03/23 02:46:37 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/03/23 02:46:36 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/03/23 02:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SearchProtect
[2013/03/23 02:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Vgrabber_v1
[2013/03/23 02:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2013/03/23 02:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Vgrabber_v1
[2013/03/23 02:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2013/03/23 02:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/23 02:15:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/23 02:12:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/23 02:12:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/23 02:12:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/23 02:12:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/23 02:12:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/23 02:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/21 18:18:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/03/21 18:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2013/03/20 10:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2013/03/20 10:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/20 10:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/03/20 10:17:34 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/17 23:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2013
[2013/03/17 23:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/03/15 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2013/03/15 23:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013/03/15 23:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/15 23:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2013/03/15 23:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yontoo
[2013/03/15 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/03/15 23:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/03/15 23:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013/03/15 23:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013/03/15 23:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\hdvidcodec.com
[2013/03/09 22:28:18 | 000,000,000 | ---D | C] -- C:\found.002
[2013/03/07 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/23 12:09:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/03/23 11:51:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 11:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/23 11:23:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1957994488-1606980848-1003UA.job
[2013/03/23 02:56:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2013/03/23 02:53:39 | 000,085,509 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2013/03/23 02:53:33 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Video Downloader.lnk
[2013/03/23 02:48:20 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/23 02:40:46 | 001,169,609 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2013/03/23 02:29:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/23 02:15:51 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2013/03/23 01:16:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 01:16:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/22 20:23:05 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1957994488-1606980848-1003Core.job
[2013/03/21 17:30:23 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/20 17:14:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/20 10:17:41 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:41 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:34 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/20 10:17:34 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/20 10:12:17 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HDVidCodec.lnk
[2013/03/20 00:16:01 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\March 11-15 call stats.rpt
[2013/03/19 08:39:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/19 08:20:03 | 001,773,990 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Stormy and snoop.jpg
[2013/03/06 06:38:36 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/03/06 06:38:36 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/23 02:53:38 | 001,169,609 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/03/23 02:53:37 | 000,085,509 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/03/23 02:53:30 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Video Downloader.lnk
[2013/03/23 02:48:19 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/23 02:44:27 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2013/03/23 02:15:51 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2013/03/23 02:15:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/23 02:12:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/23 02:12:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/23 02:12:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/23 02:12:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/23 02:12:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/20 10:17:41 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:41 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/20 10:17:36 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/20 00:16:01 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\March 11-15 call stats.rpt
[2013/03/19 08:20:03 | 001,773,990 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Stormy and snoop.jpg
[2013/03/15 23:10:15 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/03/15 23:07:33 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HDVidCodec.lnk
[2011/05/10 21:50:24 | 000,515,072 | -HS- | C] () -- C:\WINDOWS\dx8vbwow.exe
[2011/04/24 23:17:28 | 000,005,758 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
[2011/04/24 23:01:30 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/03/17 13:26:39 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Owner\userdic.tlx
[2010/03/12 11:56:03 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2010/08/22 11:46:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 08:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Base Services ==========
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 08:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 08:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 08:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/14 08:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 08:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2012/12/18 10:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\erdnt\cache\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\dllcache\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
< MD5 for: SERVICES.HTML >
[2010/09/14 20:51:10 | 000,009,413 | ---- | M] () MD5=87B4E3C3353C61B32677D5BD33118676 -- C:\Documents and Settings\Owner\My Documents\My Pictures\Robin's Work Folder\Jody's site\services.html
< MD5 for: SERVICES.LNK >
[2010/03/12 00:34:20 | 000,001,602 | ---- | M] () MD5=E8A020D15950F96A039345E9A961CD47 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
< End of report >
#4
Posted 23 March 2013 - 09:15 AM

Extras.TXT
OTL Extras logfile created on: 3/23/2013 12:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 116.54 Mb Available Physical Memory | 22.85% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 54.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 34.97 Gb Free Space | 46.94% Space Free | Partition Type: NTFS
Drive D: | 62.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ANDRE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1930:TCP" = 1930:TCP:*:Enabled:imdsz
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\onex32.exe" = C:\WINDOWS\system32\onex32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fsusdwow.exe" = C:\WINDOWS\fsusdwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rtutilswow.exe" = C:\WINDOWS\rtutilswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\winsrvwow.exe" = C:\WINDOWS\winsrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\utildllwow.exe" = C:\WINDOWS\utildllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\linkinfowow.exe" = C:\WINDOWS\linkinfowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpwsockxwow.exe" = C:\WINDOWS\dpwsockxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\FA.tmp" = C:\WINDOWS\system32\FA.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\569.tmp" = C:\WINDOWS\system32\569.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\ddemlwow.exe" = C:\WINDOWS\ddemlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\asycfiltwow.exe" = C:\WINDOWS\asycfiltwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pmsplwow.exe" = C:\WINDOWS\pmsplwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapp3hstwow.exe" = C:\WINDOWS\eapp3hstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\insengwow.exe" = C:\WINDOWS\insengwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdusxwow.exe" = C:\WINDOWS\kbdusxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\xmllitewow.exe" = C:\WINDOWS\xmllitewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\tapiwow.exe" = C:\WINDOWS\tapiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dmbandwow.exe" = C:\WINDOWS\dmbandwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\85.tmp" = C:\WINDOWS\system32\85.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\125.tmp" = C:\WINDOWS\system32\125.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\iasacctwow.exe" = C:\WINDOWS\iasacctwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msr2cwow.exe" = C:\WINDOWS\msr2cwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\lzexpandwow.exe" = C:\WINDOWS\lzexpandwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\comaddinwow.exe" = C:\WINDOWS\comaddinwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\KBDALwow.exe" = C:\WINDOWS\KBDALwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\MSIMTFwow.exe" = C:\WINDOWS\MSIMTFwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msdtcprxwow.exe" = C:\WINDOWS\msdtcprxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\inetppwow.exe" = C:\WINDOWS\inetppwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ialmdd5wow.exe" = C:\WINDOWS\ialmdd5wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpvacmwow.exe" = C:\WINDOWS\dpvacmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ds32gtwow.exe" = C:\WINDOWS\ds32gtwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx8vbwow.exe" = C:\WINDOWS\dx8vbwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\wmvcorewow.exe" = C:\WINDOWS\wmvcorewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdmaoriwow.exe" = C:\WINDOWS\kbdmaoriwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapqecwow.exe" = C:\WINDOWS\eapqecwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\126.tmp" = C:\WINDOWS\system32\126.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\xactsrvwow.exe" = C:\WINDOWS\xactsrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\5D6.tmp" = C:\WINDOWS\system32\5D6.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\isign32wow.exe" = C:\WINDOWS\isign32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\5D7.tmp" = C:\WINDOWS\system32\5D7.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\692.tmp" = C:\WINDOWS\system32\692.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\693.tmp" = C:\WINDOWS\system32\693.tmp:*:Enabled:Windows Update Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\dx8vbwow.exe" = C:\WINDOWS\dx8vbwow.exe:*:Enabled:Windows Update Service -- ()
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Disabled:FrostWire -- (FrostWire)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java 6 Update 39
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.05
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{CA15D786-0A78-4CB1-BFE7-CC10701EB3DD}" = RPS CRT
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E0724276-6980-47E2-8FF2-88F473805773}_is1" = WinUndelete 3.50
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"1ClickDownload" = HDVidCodec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative VF0330" = Creative WebCam Vista Driver (1.00.03.00)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileZilla Client" = FileZilla Client 3.5.2
"FrostWire 5" = FrostWire 5.3.5
"Graboid Video" = Graboid Video 1.73
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"PROSet" = Intel® PRO Network Adapters and Drivers
"SearchProtect" = Search Protect by conduit
"Software Informer_is1" = Software Informer 1.0 BETA
"Spark 2.5.3" = Spark 2.5.3
"Vgrabber_v1 Toolbar" = Vgrabber v1 Toolbar
"Video Downloader" = Video Downloader
"Video Downloader_is1" = Video Downloader version 2.0
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 3/12/2011 8:20:10 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/3/2011 10:31:41 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 617
seconds with 540 seconds of active time. This session ended with a crash.
Error - 5/11/2011 7:07:30 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 80678
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 5/11/2011 8:31:06 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4387
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/17/2011 6:04:07 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4364
seconds with 120 seconds of active time. This session ended with a crash.
Error - 5/17/2011 6:11:02 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 343
seconds with 300 seconds of active time. This session ended with a crash.
Error - 5/17/2011 8:16:33 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 335
seconds with 180 seconds of active time. This session ended with a crash.
Error - 11/11/2011 11:11:50 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/30/2011 11:54:32 AM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6111
seconds with 180 seconds of active time. This session ended with a crash.
Error - 11/21/2012 8:28:22 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 71
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/21/2013 6:59:18 PM | Computer Name = ANDRE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 3/22/2013 4:01:28 PM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/22/2013 4:01:59 PM | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = The Manager Universal service terminated with the following error:
%%1114
Error - 3/22/2013 4:02:01 PM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/22/2013 9:30:41 PM | Computer Name = ANDRE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANDRE-A7313CE8E that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{0ED0BBA7-C09. The master browser is stopping or an election is being
forced.
Error - 3/23/2013 1:17:18 AM | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = The Manager Universal service terminated with the following error:
%%1114
Error - 3/23/2013 1:17:19 AM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/23/2013 1:17:25 AM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/23/2013 5:09:43 AM | Computer Name = ANDRE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.2.10. The machine with the IP address 192.168.2.14 did not
allow the name to be claimed by this machine.
Error - 3/23/2013 5:12:17 AM | Computer Name = ANDRE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{0ED0BBA7-C09A-43C0-AAD9-B7CF94E8FAA8}. The
backup browser is stopping.
< End of report >
OTL Extras logfile created on: 3/23/2013 12:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
509.98 Mb Total Physical Memory | 116.54 Mb Available Physical Memory | 22.85% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 54.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 34.97 Gb Free Space | 46.94% Space Free | Partition Type: NTFS
Drive D: | 62.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ANDRE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1930:TCP" = 1930:TCP:*:Enabled:imdsz
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\onex32.exe" = C:\WINDOWS\system32\onex32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fsusdwow.exe" = C:\WINDOWS\fsusdwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\rtutilswow.exe" = C:\WINDOWS\rtutilswow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\winsrvwow.exe" = C:\WINDOWS\winsrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\utildllwow.exe" = C:\WINDOWS\utildllwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\linkinfowow.exe" = C:\WINDOWS\linkinfowow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpwsockxwow.exe" = C:\WINDOWS\dpwsockxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\FA.tmp" = C:\WINDOWS\system32\FA.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\569.tmp" = C:\WINDOWS\system32\569.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\ddemlwow.exe" = C:\WINDOWS\ddemlwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\asycfiltwow.exe" = C:\WINDOWS\asycfiltwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\pmsplwow.exe" = C:\WINDOWS\pmsplwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapp3hstwow.exe" = C:\WINDOWS\eapp3hstwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\insengwow.exe" = C:\WINDOWS\insengwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdusxwow.exe" = C:\WINDOWS\kbdusxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\xmllitewow.exe" = C:\WINDOWS\xmllitewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\tapiwow.exe" = C:\WINDOWS\tapiwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dmbandwow.exe" = C:\WINDOWS\dmbandwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\85.tmp" = C:\WINDOWS\system32\85.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\125.tmp" = C:\WINDOWS\system32\125.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\iasacctwow.exe" = C:\WINDOWS\iasacctwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msr2cwow.exe" = C:\WINDOWS\msr2cwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\lzexpandwow.exe" = C:\WINDOWS\lzexpandwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\comaddinwow.exe" = C:\WINDOWS\comaddinwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\KBDALwow.exe" = C:\WINDOWS\KBDALwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\MSIMTFwow.exe" = C:\WINDOWS\MSIMTFwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\msdtcprxwow.exe" = C:\WINDOWS\msdtcprxwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\inetppwow.exe" = C:\WINDOWS\inetppwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ialmdd5wow.exe" = C:\WINDOWS\ialmdd5wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dpvacmwow.exe" = C:\WINDOWS\dpvacmwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ds32gtwow.exe" = C:\WINDOWS\ds32gtwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx8vbwow.exe" = C:\WINDOWS\dx8vbwow.exe:*:Enabled:Windows Update Service -- ()
"C:\WINDOWS\wmvcorewow.exe" = C:\WINDOWS\wmvcorewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdmaoriwow.exe" = C:\WINDOWS\kbdmaoriwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\eapqecwow.exe" = C:\WINDOWS\eapqecwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\126.tmp" = C:\WINDOWS\system32\126.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\xactsrvwow.exe" = C:\WINDOWS\xactsrvwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\5D6.tmp" = C:\WINDOWS\system32\5D6.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\isign32wow.exe" = C:\WINDOWS\isign32wow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\5D7.tmp" = C:\WINDOWS\system32\5D7.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\692.tmp" = C:\WINDOWS\system32\692.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\693.tmp" = C:\WINDOWS\system32\693.tmp:*:Enabled:Windows Update Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\dx8vbwow.exe" = C:\WINDOWS\dx8vbwow.exe:*:Enabled:Windows Update Service -- ()
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Disabled:FrostWire -- (FrostWire)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java 6 Update 39
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.05
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{CA15D786-0A78-4CB1-BFE7-CC10701EB3DD}" = RPS CRT
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E0724276-6980-47E2-8FF2-88F473805773}_is1" = WinUndelete 3.50
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"1ClickDownload" = HDVidCodec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative VF0330" = Creative WebCam Vista Driver (1.00.03.00)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileZilla Client" = FileZilla Client 3.5.2
"FrostWire 5" = FrostWire 5.3.5
"Graboid Video" = Graboid Video 1.73
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"PROSet" = Intel® PRO Network Adapters and Drivers
"SearchProtect" = Search Protect by conduit
"Software Informer_is1" = Software Informer 1.0 BETA
"Spark 2.5.3" = Spark 2.5.3
"Vgrabber_v1 Toolbar" = Vgrabber v1 Toolbar
"Video Downloader" = Video Downloader
"Video Downloader_is1" = Video Downloader version 2.0
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:05:57 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 3/2/2013 2:58:54 PM | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 3/12/2011 8:20:10 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/3/2011 10:31:41 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 617
seconds with 540 seconds of active time. This session ended with a crash.
Error - 5/11/2011 7:07:30 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 80678
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 5/11/2011 8:31:06 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4387
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/17/2011 6:04:07 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4364
seconds with 120 seconds of active time. This session ended with a crash.
Error - 5/17/2011 6:11:02 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 343
seconds with 300 seconds of active time. This session ended with a crash.
Error - 5/17/2011 8:16:33 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 335
seconds with 180 seconds of active time. This session ended with a crash.
Error - 11/11/2011 11:11:50 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/30/2011 11:54:32 AM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6111
seconds with 180 seconds of active time. This session ended with a crash.
Error - 11/21/2012 8:28:22 PM | Computer Name = ANDRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 71
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/21/2013 6:59:18 PM | Computer Name = ANDRE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 3/22/2013 4:01:28 PM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/22/2013 4:01:59 PM | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = The Manager Universal service terminated with the following error:
%%1114
Error - 3/22/2013 4:02:01 PM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/22/2013 9:30:41 PM | Computer Name = ANDRE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ANDRE-A7313CE8E that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{0ED0BBA7-C09. The master browser is stopping or an election is being
forced.
Error - 3/23/2013 1:17:18 AM | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = The Manager Universal service terminated with the following error:
%%1114
Error - 3/23/2013 1:17:19 AM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/23/2013 1:17:25 AM | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 3/23/2013 5:09:43 AM | Computer Name = ANDRE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.2.10. The machine with the IP address 192.168.2.14 did not
allow the name to be claimed by this machine.
Error - 3/23/2013 5:12:17 AM | Computer Name = ANDRE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{0ED0BBA7-C09A-43C0-AAD9-B7CF94E8FAA8}. The
backup browser is stopping.
< End of report >
#5
Posted 23 March 2013 - 09:46 AM

Is this a pirated copy of XP?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2008/04/14 08:00:00 | 000,157,221 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\bnlkm.dll -- (yfvtlonf)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...77-8B1F6F645AD5
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\URLSearchHook: {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0A5001320BE0E55
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...75-688649A8E7A7
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66}: "URL" = http://websearch.qby...BC-9BFF238883C9
IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...648740061937114
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3268934&SearchSource=3&q={searchTerms}&CUI=UN37874095082892663"
FF - prefs.js..browser.search.selectedEngine: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3268934&octid=CT3268934&SearchSource=61&CUI=UN37874095082892663&UM=UM_ID&UP=SP091CDC6F-94E1-4994-9977-8B1F6F645AD5"
FF - prefs.js..extensions.enabledAddons: %7B7B58BD19-E278-444F-A5DD-13B1C38B47F0%7D:2.1.3
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B7f7f82f1-7c95-47cd-814f-950b56d58fc3%7D:10.14.42.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3268934&SearchSource=2&CUI=UN37874095082892663&q="
[2013/03/23 02:48:03 | 000,000,000 | ---D | M] (Vgrabber v1) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
[2013/03/15 23:08:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2013/02/16 19:39:40 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2012/12/13 16:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\[email protected]
[2013/02/23 19:04:15 | 000,157,635 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\extensions\{7B58BD19-E278-444F-A5DD-13B1C38B47F0}.xpi
[2012/04/09 16:39:58 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\askcom.xml
[2013/03/23 02:48:06 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\conduit.xml
[2010/09/22 20:46:05 | 000,008,818 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y7l2ajea.default\searchplugins\qbyrd.xml
[2013/03/15 23:08:57 | 000,006,507 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\..\Toolbar\WebBrowser: (Vgrabber v1 Toolbar) - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - C:\Program Files\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [SearchProtect] C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-507921405-1957994488-1606980848-1003..\Run: [Yontoo Desktop] C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
[2013/03/23 02:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Video Downloader
[2013/03/23 02:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\vGrabber-software
[2013/03/23 02:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/03/23 02:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/03/23 02:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SearchProtect
[2013/03/23 02:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Vgrabber_v1
[2013/03/23 02:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2013/03/23 02:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Vgrabber_v1
[2013/03/15 23:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/15 23:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2013/03/15 23:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yontoo
[2013/03/15 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/03/15 23:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/03/15 23:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013/03/15 23:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\hdvidcodec.com
[2013/03/23 12:09:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/03/23 02:53:33 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Video Downloader.lnk
[2013/03/20 10:12:17 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HDVidCodec.lnk
[2011/05/10 21:50:24 | 000,515,072 | -HS- | C] () -- C:\WINDOWS\dx8vbwow.exe

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[IE - HKU\S-1-5-21-507921405-1957994488-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
C:\Documents and Settings\Owner\Application Data\SearchProtect
C:\Program Files\SearchProtect
C:\Program Files\Ask.com
C:\Documents and Settings\Owner\Application Data\Yontoo
C:\Program Files\Vgrabber_v1
C:\WINDOWS\system32\antiwpa.dll

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.
#6
Posted 23 March 2013 - 01:10 PM

I'm not sure if it is or not. Brought my PC to be formatted a few times. I don't know much about PCs, so I couldn't tell you.
#7
Posted 23 March 2013 - 01:13 PM

OK continue with the fix please
#8
Posted 23 March 2013 - 02:20 PM

I've run that fix, but now it logged me out and it's asking for a product key. When I put in the product key that I have from when I bought the PC, it says it's wrong. What can I do now? Hopefully I didn't lose all my pictures on this PC.
#9
Posted 23 March 2013 - 03:12 PM

OK, you will need to validate the system by phone (free).
How to activate Windows XP by phone
To contact a Microsoft customer service representative to activate Windows by phone, follow these steps:
1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Activate Windows.
Or, click the Windows Activation icon in the notification area.
2. Click Yes, I want to telephone a customer service representative to activate Windows now.
3. Click Read the Windows Product Activation Privacy Statement, click Back, and then click Next.
4. Follow the steps in the Activate Windows by phone dialog box, and then click Next.
Note: The number appears now and differs based on the location that you select.
5. When activation is completed and you receive the following message, click OK.
You have successfully activated your copy of Windows.
#10
Posted 23 March 2013 - 03:27 PM

OK, but if it was a pirated copy of XP when the previous technician installed it on my PC, am I gonna get in trouble? 'Cause I have been looking for my original copy of XP, but I bought the PC almost 10 years ago and I can't find my original copy.
#11
Posted 23 March 2013 - 03:35 PM

Really, all I'm worried about is my pictures on that PC. If there's a way to get them I would love to know.
#12
Posted 23 March 2013 - 04:01 PM

We can recover them. Is there a sticker on your computer that looks like this?
[attachment=63919:coasticker.jpg]
#13
Posted 23 March 2013 - 04:08 PM

yes
#14
Posted 23 March 2013 - 04:10 PM

OK, that is the number that you will probably need to give to MS over the phone when you get validated.
#15
Posted 27 March 2013 - 03:36 PM

Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.