Jump to content

tkatavic

Honorary Members
  • Posts

    43
  • Joined

  • Last visited

Reputation

0 Neutral
  1. How does that technically work? It just live within the browser application's file system (or plug-ins/add-ons, etc.)? Thomas
  2. Okay, I uninstalled Firefox and downloaded/installed a fresh copy. Any immediate next steps? Thanks so much, Thomas
  3. Things seem to be pretty good so far. Let me continue monitoring today and let you know tonight/tomorrow morning if I ever see the re-direct occur again. Thomas
  4. Okay -- just did this. I'll let you know if I see the re-direct again today/tomorrow. Thomas
  5. I am using a router. Wouldn't I experience the re-direct on other laptops connected to it if it were at that level? I'll try your reset instructions tonight. Thomas
  6. Results: SystemLook 30.07.11 by jpshortstuff Log created at 19:59 on 22/04/2012 by Administrator Administrator - Elevation successful ========== filefind ========== Searching for "happili" No files found. -= EOF =-
  7. Unfortunately, earlier this morning, i experienced yet another happili re-direct, so it looks like it's still around. Thanks for your persistent help on this, Thomas
  8. Here's the latest log: All processes killed ========== OTL ========== ========== COMMANDS ========== [EMPTYFLASH] User: Administrator ->Flash cache emptied: 8254415 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 8.00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 2421317 bytes ->Temporary Internet Files folder emptied: 378490 bytes ->Java cache emptied: 380217 bytes ->FireFox cache emptied: 68288864 bytes ->Google Chrome cache emptied: 167742204 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 3424871 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 33251 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 232.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.40.0 log created on 04182012_200200 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  9. OTL log: === OTL logfile created on: 4/18/2012 7:22:26 PM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.14% Memory free 3.84 Gb Paging File | 3.47 Gb Available in Paging File | 90.30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.54 Gb Total Space | 11.21 Gb Free Space | 15.04% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\TP-LINK\TWCU\COMMON\TWCU.exe () PRC - C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Program Files\TP-LINK\TWCU\COMMON\TWCU.exe () MOD - C:\Program Files\TP-LINK\TWCU\COMMON\acAuth.dll () MOD - C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe () SRV - (wampapache) -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe (Apache Software Foundation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (RalinkRegistryWriter) -- C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe () SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation) DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation) DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation) DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation) DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation) DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation) DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation) DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2012/03/15 00:26:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 23:40:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 18:29:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}\ [2012/03/30 02:14:38 | 000,000,000 | ---D | M] [2011/01/24 20:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2012/03/25 20:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1f0zh2nm.default\extensions [2011/12/23 09:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/06/12 23:58:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1F0ZH2NM.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012/03/30 02:14:38 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26} [2012/03/15 23:40:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/27 19:08:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/22 23:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/22 23:30:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/04/15 21:00:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services) O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony) O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk = C:\Program Files\TP-LINK\TWCU\COMMON\TWCU.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{823F4B8C-8DD6-4FC0-AD6E-DE74E77C9AC8}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2BEDC0C-A0AB-4D38-A202-734CDCB47899}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/18 19:20:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/04/18 18:16:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/04/18 18:16:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/04/18 18:16:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/04/18 18:16:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/04/18 18:16:41 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/04/16 17:57:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/04/12 22:22:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/04 15:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2012/03/30 02:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26} [2012/03/24 18:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK [2012/03/24 18:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\TP-LINK [2012/03/24 18:42:13 | 000,650,624 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys [2012/03/24 18:42:13 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll [2012/03/24 18:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TP-LINK Driver ========== Files - Modified Within 30 Days ========== [2012/04/18 19:20:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/04/18 19:17:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500UA.job [2012/04/18 19:15:20 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs [2012/04/18 18:26:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/18 18:26:00 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys [2012/04/18 18:26:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/18 06:17:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500Core.job [2012/04/16 20:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/15 21:00:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/04/15 11:31:46 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2012/04/14 21:19:38 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk [2012/04/11 00:34:34 | 000,481,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/11 00:34:34 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/11 00:27:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/03/26 18:21:34 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs [2012/03/24 18:43:04 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk [2012/03/24 18:42:58 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe ========== Files Created - No Company Name ========== [2012/04/18 18:16:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/04/18 18:16:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/04/18 18:16:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/04/18 18:16:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/04/18 18:16:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/04/18 17:52:16 | 2138,574,848 | -HS- | C] () -- C:\hiberfil.sys [2012/04/12 18:30:48 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2012/03/24 18:43:04 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk [2012/03/24 18:42:58 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2012/03/24 18:42:10 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2012/02/16 12:09:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/07/18 23:02:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe IllExport Filter CS5 Prefs [2011/06/12 23:59:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/06/08 00:56:59 | 007,988,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-274765018-2503423405-4002033684-500-0.dat [2011/06/08 00:56:58 | 000,324,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2011/05/26 21:49:30 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011/03/23 20:50:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs [2011/03/06 21:04:32 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs [2011/02/14 01:45:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND [2011/02/12 18:14:22 | 000,021,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/01/30 13:52:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs [2011/01/25 20:18:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs [2011/01/24 20:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/12/10 14:45:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2010/12/10 14:43:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll [2010/12/10 14:41:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010/12/10 14:41:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010/12/10 14:41:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010/12/10 14:41:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010/12/10 14:41:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010/12/10 14:41:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010/12/10 14:27:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2010/12/10 14:26:53 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2010/12/10 14:26:48 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2010/12/10 14:26:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2010/12/10 14:25:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2010/12/10 14:16:13 | 000,001,065 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini ========== LOP Check ========== [2011/06/07 19:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Axure [2011/05/27 19:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2011/09/18 17:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blender Foundation [2011/01/29 04:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/04/18 18:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox [2012/04/17 22:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla [2011/03/20 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo [2011/02/04 21:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org [2011/01/26 23:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera [2011/07/17 22:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sports Interactive [2011/01/29 02:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/01/02 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion [2011/04/07 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer [2011/06/07 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Axure [2011/01/24 20:25:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/07/12 17:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/04/18 19:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2012/03/24 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK Driver [2011/01/30 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2011/06/20 12:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/07 19:07:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B4E81CDC-FC54-4176-962E-4391297C464F} [2011/09/30 03:45:00 | 000,000,588 | ---- | M] () -- C:\WINDOWS\Tasks\Lecture 12.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/07/15 19:01:07 | 000,000,644 | ---- | M] () -- C:\bar.emf [2010/12/10 12:01:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2011/07/11 18:12:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2011/03/22 21:40:56 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT [2012/04/18 18:26:00 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys [2010/12/10 14:41:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/12/10 14:41:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/12/10 12:46:26 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/04/18 18:25:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2012/04/18 18:13:36 | 000,000,359 | ---- | M] () -- C:\rkill.log [2012/04/12 18:34:43 | 000,082,786 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_12.04.2012_18.31.04_log.txt < %systemroot%\Fonts\*.com > [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2004/08/09 09:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > [2004/08/09 09:20:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/09 09:20:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/09 09:20:10 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > [2010/12/10 12:49:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2010/12/10 13:00:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini [2004/08/09 14:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf < %USERPROFILE%\Desktop\*.exe > [2012/04/18 19:20:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2011/08/15 22:14:50 | 000,139,264 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Administrator\Desktop\Pageant.exe < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > [2011/01/24 20:09:53 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\My Documents\avg_free_stb_all_2011_1191_cnet.exe [2011/01/24 20:09:01 | 008,582,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\My Documents\Firefox Setup 3.6.13.exe < %USERPROFILE%\*.exe > [2011/02/19 02:57:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\gosetup.exe < %systemroot%\ADDINS\*.* > < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. > < %USERPROFILE%\Favorites\*.url /x > [2010/12/10 13:00:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini < %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > < %systemroot%\system32\drivers\*.rmv > < dir /b "%systemroot%\system32\*.exe" | find /i " " /c > < dir /b "%systemroot%\*.exe" | find /i " " /c > < %PROGRAMFILES%\Microsoft\*.* > < %systemroot%\System32\Wbem\proquota.exe > < %PROGRAMFILES%\Mozilla Firefox\*.dat > < %USERPROFILE%\Cookies\*.txt /x > [2012/04/18 18:26:05 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat < %SystemRoot%\system32\fonts\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 04:36:28 < End of report > === Extras: === OTL Extras logfile created on: 4/18/2012 7:22:26 PM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.14% Memory free 3.84 Gb Paging File | 3.47 Gb Available in Paging File | 90.30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.54 Gb Total Space | 11.21 Gb Free Space | 15.04% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive) "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29 "{2C65D0D7-2B7E-4788-ADB0-8693F344460B}" = Axure RP Pro 6 "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A504FB1-9593-48B4-81AE-D39F37EF7139}" = TortoiseSVN 1.7.3.22386 (32 bit) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{78E42E4F-021F-4E10-B1C2-09CA19487330}_is1" = SketchUp to OpenSceneGraph Exporter Plugin version 1.5.1 "{79770F05-E3B8-4DAA-BEDB-9EBF29EAF527}" = Keyboard Layout Management Application "{7EF80615-639D-4BD0-B612-E347096452AD}" = TP-LINK Wireless Utility "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 1.00 C2 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F66CAE05-FA3A-EF04-DF5E-F11B9DD58B12}" = Balsamiq Mockups For Desktop "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Axure RP Pro 6" = Axure RP Pro 6 "BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop "Blender" = Blender "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only) "Fiddler2" = Fiddler2 "FileZilla Client" = FileZilla Client 3.3.5.1 "ie8" = Windows Internet Explorer 8 "IETester" = IETester v0.4.7 (remove only) "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "matplotlib-py2.6" = Python 2.6 matplotlib-1.0.1 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "numpy-py2.6" = Python 2.6 numpy-1.5.1 "Opera 11.60.1185" = Opera 11.60 "PIL-py2.6" = Python 2.6 PIL-1.1.7 "Software Setup" = Software Setup "Steam App 34220" = Football Manager 2011 "TeamViewer 6" = TeamViewer 6 "uTorrent" = µTorrent "Vim 7.3" = Vim 7.3 (self-installing) "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.6 "WampServer 2_is1" = WampServer 2.1 "Windows XP Service Pack" = Windows XP Service Pack 3 "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p290 "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Layar3D Model Converter" = Layar3D Model Converter ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/27/2011 12:44:00 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/27/2011 12:44:11 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/27/2011 12:47:46 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/27/2011 12:48:11 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/27/2011 12:48:52 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/27/2011 12:48:58 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/27/2011 12:49:15 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 12/31/2011 11:08:13 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application fm.exe, version 11.3.0.47461, faulting module fm.exe, version 11.3.0.47461, fault address 0x0103f9c2. Error - 1/6/2012 9:09:20 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000 Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module adobeswfl.dll, version 2.0.0.7489, fault address 0x00013db9. Error - 1/16/2012 1:42:18 PM | Computer Name = COMPUTER | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown [ System Events ] Error - 4/15/2012 2:14:47 AM | Computer Name = COMPUTER | Source = Cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 4/18/2012 8:11:04 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL Error - 4/18/2012 8:14:50 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} < End of report >
  10. I successfully rkill.exe. Its log showed that it didn't terminate any processes. I then tried to run ComboFix.exe and DDS again. Same problem.
  11. Tried running it in both normal and safe mode with AntiVir guard disabled. Still freezing up like ComboFix. :\
  12. I updated and then ran the scan. As for my computer, I noticed the hapili re-direct while Google searching yesterday. --- Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.16.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: COMPUTER [administrator] 4/16/2012 8:15:15 PM mbam-log-2012-04-16 (20-15-15).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 285856 Time elapsed: 38 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. I tried running combofix directly from the chameleon folder following that and it froze out again (I let it run about 40 mins). Thomas
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.