
problem updating from 1.65 to 1.70



I updated MBAM Pro from 1.65 to 1.70 and restarted the computer and everything seemed to work fine with MBAM set for real time. However, the next time that I started the computer, it stalled after the Windows chimes and would not display the desktop. I went to safe mode and restored the computer to a few days earlier and removed MBAM. Now the computer works OK. I have not reinstalled MBAM and don't want to take a chance of wrecking my computer unless I can be assured that it will work OK with MBAM real time.

I posted in the general forum, and daledoc1 instructed me to run dds. I downloaded and tried both dds.scr and dds.com. Neither would complete after 20 minutes of waiting and eventually froze the computer. In the first minute or two, I could hear the hard drive scanning but after that nothing--no logs. I had disabled Avast and Windows firewall and nothing else was running at the time of the scans.

Daledoc1 instructed me to post here.


Welcome! I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Below is OTL.Txt:

OTL logfile created on: 1/26/2013 6:49:55 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 81.95% Memory free

2.82 Gb Paging File | 2.63 Gb Available in Paging File | 93.22% Paging File free

Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.63 Gb Total Space | 5.17 Gb Free Space | 27.76% Space Free | Partition Type: NTFS

Drive E: | 3.72 Gb Total Space | 2.49 Gb Free Space | 66.84% Space Free | Partition Type: FAT32

Computer Name: DEFAULT | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/26 18:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL\OTL.exe

PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe

PRC - [2009/03/27 20:53:12 | 000,163,840 | ---- | M] () -- C:\Program Files\ProcessTamer\ProcessTamerTray.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/07/01 04:23:30 | 000,669,696 | ---- | M] (Tong Software Inc.) -- C:\Program Files\Anti Idle\AntiIdle.exe

PRC - [2003/05/22 23:38:58 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/26 13:14:31 | 002,049,536 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13012601\algo.dll

MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010/07/04 16:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2009/03/27 20:53:12 | 000,163,840 | ---- | M] () -- C:\Program Files\ProcessTamer\ProcessTamerTray.exe

MOD - [2005/12/19 09:08:16 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MBAMScheduler)

SRV - [2013/01/20 19:08:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2003/05/22 23:38:58 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2008/09/28 18:31:36 | 000,037,781 | ---- | M] (SanDisk Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDSTOR2K.SYS -- (SDSTOR2K)

DRV - [2006/12/18 10:00:14 | 000,424,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2005/11/10 22:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/04/21 21:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)

DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)

DRV - [2003/05/22 23:23:00 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://ca.mg4.mail.yahoo.com/neo/l [binary data over 200 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/

IE - HKCU\..\SearchScopes,DefaultScope = {75119320-6490-4722-B24E-BEC5A43E58F0}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{425F9D02-2184-42E4-BCF5-D7BDB39AF46F}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}

IE - HKCU\..\SearchScopes\{75119320-6490-4722-B24E-BEC5A43E58F0}: "URL" = http://www.google.ca/search?hl=en&q={searchTerms}&btnG=Google+Search&meta=

IE - HKCU\..\SearchScopes\{8925599A-9A7F-4C18-A613-5DAECC8D8817}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Mozilla Add-ons"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/|http://us.mg.mail.yahoo.com/neo/launch|http://owensound.kijiji.ca/f-Classifieds-W0QQAdTypeZ2QQPriceAlternativeZ3|http://globefunddb.theglobeandmail.com/gishome/plsql/gis.process_fr?fr_mode=MYFUNDLIST&FR_PARAM1=|http://www.weatheroffice.gc.ca/city/pages/on-7_metric_e.html|"

FF - prefs.js..extensions.enabledAddons: adban%40ad-ban.appspot.com:2.3.1

FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:2.0.8

FF - prefs.js..extensions.enabledAddons: fasttrans%40kemot:1.09.3

FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.7.9

FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.27

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3

FF - prefs.js..extensions.enabledAddons: imageblock%40hemantvats.com:2.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9

FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:1.0.0.0

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4

FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.5

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.8.1

FF - prefs.js..extensions.enabledItems: vtzilla@virustotal.com:1.0

FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0

FF - prefs.js..network.proxy.backup.ftp: "141.39.131.48"

FF - prefs.js..network.proxy.backup.ftp_port: 80

FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"

FF - prefs.js..network.proxy.backup.gopher_port: 8080

FF - prefs.js..network.proxy.backup.socks: "141.39.131.48"

FF - prefs.js..network.proxy.backup.socks_port: 80

FF - prefs.js..network.proxy.backup.ssl: "141.39.131.48"

FF - prefs.js..network.proxy.backup.ssl_port: 80

FF - prefs.js..network.proxy.ftp: "184.22.116.237"

FF - prefs.js..network.proxy.ftp_port: 8888

FF - prefs.js..network.proxy.gopher: "212.33.237.113"

FF - prefs.js..network.proxy.gopher_port: 80

FF - prefs.js..network.proxy.http: "184.22.116.237"

FF - prefs.js..network.proxy.http_port: 8888

FF - prefs.js..network.proxy.no_proxies_on: ""

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "184.22.116.237"

FF - prefs.js..network.proxy.socks_port: 8888

FF - prefs.js..network.proxy.ssl: "184.22.116.237"

FF - prefs.js..network.proxy.ssl_port: 8888

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/20 19:08:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/20 19:08:35 | 000,000,000 | ---D | M]

[2010/01/23 23:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2013/01/24 22:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions

[2012/08/28 18:37:42 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}

[2012/12/14 12:55:09 | 000,000,000 | ---D | M] (Fast Translation) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\fasttrans@kemot

[2012/03/28 19:13:09 | 000,035,733 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\adban@ad-ban.appspot.com.xpi

[2013/01/24 22:13:38 | 000,018,146 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\imageblock@hemantvats.com.xpi

[2012/10/26 21:11:28 | 000,091,555 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\printedit@DW-dev.xpi

[2013/01/18 15:07:54 | 000,172,839 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\requestpolicy@requestpolicy.com.xpi

[2013/01/10 22:52:50 | 000,347,812 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2013/01/19 11:16:24 | 000,533,221 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2012/12/11 15:30:04 | 000,526,889 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi

[2013/01/24 23:56:03 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\askcom.xml

[2013/01/24 23:56:03 | 000,002,276 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\bee-dictionary.xml

[2013/01/24 23:56:03 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\bing-canada.xml

[2013/01/24 23:56:04 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\bing-maps.xml

[2013/01/22 19:45:49 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\bing-news-ca-english.xml

[2013/01/24 23:56:04 | 000,002,094 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\canada-government.xml

[2013/01/24 23:55:58 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\cbc.xml

[2013/01/24 23:56:04 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\downloadcom---windows.xml

[2013/01/24 23:56:03 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\drugscom.xml

[2013/01/21 09:46:15 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo-ca-ssl-no-filter.xml

[2013/01/13 21:53:37 | 000,010,357 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo-html.xml

[2013/01/21 09:46:15 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo-lite-no-filter-no-js.xml

[2013/01/13 21:56:32 | 000,010,357 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo-lite.xml

[2013/01/21 09:46:15 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo-no-ssl.xml

[2013/01/21 09:46:23 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo-ssl-lite-no-filter.xml

[2013/01/13 17:13:06 | 000,010,316 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\duckduckgo.xml

[2013/01/24 23:55:59 | 000,001,252 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\globeandmailcom.xml

[2013/01/22 19:45:50 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\google-ca-en-ssl.xml

[2013/01/23 08:14:08 | 000,002,428 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\google-canada---from-canada.xml

[2013/01/22 19:45:49 | 000,002,189 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\google-canada-ssl.xml

[2013/01/24 23:56:03 | 000,002,381 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\google-canada.xml

[2013/01/24 23:56:04 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\google-maps-canada.xml

[2013/01/24 23:55:59 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\google-news-canada.xml

[2013/01/24 23:56:03 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\guardian-unlimited.xml

[2013/01/24 23:56:04 | 000,002,078 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\howtopedia-en---search.xml

[2013/01/24 23:56:04 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\internet-encyclopedia-of-philosophy.xml

[2013/01/24 23:56:04 | 000,002,018 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\medpedia-en.xml

[2010/05/23 11:48:41 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\mozilla-add-ons.xml

[2013/01/24 23:56:04 | 000,001,942 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\mycroft-project.xml

[2013/01/24 23:56:05 | 000,005,607 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\online-conversion.xml

[2013/01/24 23:56:01 | 000,001,186 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\the-free-dictionary---wikipedia.xml

[2013/01/24 23:56:05 | 000,002,192 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\the-free-library---literature.xml

[2013/01/24 23:56:05 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\the-weather-network.xml

[2013/01/24 23:56:05 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\thestarcom-toronto.xml

[2013/01/24 23:56:05 | 000,005,528 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\webmd.xml

[2013/01/24 23:56:05 | 000,002,224 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\wikianswers.xml

[2013/01/24 23:56:06 | 000,005,599 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\wikimapia.xml

[2013/01/24 23:56:06 | 000,001,298 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\wikipedia-en---search.xml

[2013/01/24 23:56:07 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\wiktionary-en.xml

[2013/01/24 23:56:02 | 000,001,166 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\yahoo-canada.xml

[2013/01/24 23:56:06 | 000,001,203 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\yahoo-dictionary.xml

[2013/01/24 23:56:03 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\yahoo-encyclopedia.xml

[2013/01/26 10:20:21 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\j8y8ians.default\searchplugins\yandex.xml

[2013/01/20 19:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/01/11 21:42:56 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.5.7.9

[2013/01/20 19:08:54 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[1999/12/31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2013/01/20 19:08:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/01/20 19:08:46 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2001/08/18 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ProcessTamer] C:\Program Files\ProcessTamer\ProcessTamerTray.exe ()

O4 - HKCU..\Run: [AntiIdle] c:\program files\anti idle\AntiIdle.exe (Tong Software Inc.)

O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to aol.lnk = C:\Program Files\AOL 8.0\aol.exe (America Online, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 145

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/26 18:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\OTL

[2013/01/26 12:19:50 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.com

[2013/01/26 11:18:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr

[2013/01/26 11:17:05 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\user\Desktop\mbam-clean-1.60.2.0003.exe

[2013/01/25 11:59:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2013/01/20 19:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/01/14 23:30:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013/01/14 23:30:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013/01/14 23:30:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013/01/12 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/01/11 22:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Mawer

[2013/01/11 21:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager

[2013/01/11 14:29:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp

[2013/01/11 14:29:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxssend.exe

[2013/01/11 14:29:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe

[2013/01/11 14:29:20 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclntR.dll

[2013/01/11 14:29:20 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll

[2013/01/11 14:29:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsroute.dll

[2013/01/11 14:29:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll

[2013/01/11 14:29:19 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscfgwz.dll

[2013/01/11 14:29:19 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll

[2013/01/10 10:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\test

[2013/01/08 22:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yandex

[2013/01/04 08:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software

[2013/01/01 22:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer

[2012/12/29 10:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/26 18:51:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job

[2013/01/26 18:48:05 | 000,002,558 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBAM instructions.rtf

[2013/01/26 18:21:20 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free Download Manager.lnk

[2013/01/26 18:00:07 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\ERUNT AUTOBACK.job

[2013/01/26 17:23:17 | 000,372,391 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Bell-2013-1-24.pdf

[2013/01/26 17:20:25 | 000,369,970 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PDF_144453750_2013-01-24_82.pdf

[2013/01/26 17:01:36 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/01/26 17:00:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/26 13:08:40 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\CleanMem.ini

[2013/01/26 12:22:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.com

[2013/01/26 11:21:03 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr

[2013/01/26 11:17:15 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\user\Desktop\mbam-clean-1.60.2.0003.exe

[2013/01/25 15:53:12 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/01/25 15:46:57 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBAM Exclusions.rtf

[2013/01/24 21:48:23 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to aol.lnk

[2013/01/24 13:21:12 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2013/01/24 09:23:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/22 22:38:24 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/01/22 22:38:23 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/01/22 20:32:05 | 000,003,044 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Metronome2.JPG

[2013/01/22 20:30:37 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Metronome3.JPG

[2013/01/22 20:29:36 | 000,414,774 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Metronome2.bmp

[2013/01/22 20:27:09 | 000,002,971 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Metronome.jpg

[2013/01/22 20:07:40 | 000,067,125 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PAD Form.pdf

[2013/01/20 16:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\NTREGOPT.job

[2013/01/20 16:12:49 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Kijiji.rtf

[2013/01/20 15:14:51 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/01/18 14:56:37 | 000,409,023 | ---- | M] () -- C:\Documents and Settings\user\Desktop\YandexDisk.pdf

[2013/01/18 13:00:31 | 000,661,551 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NelsonLinneaandMartinJohnFamily_2012-09-30.pdf

[2013/01/17 11:50:04 | 000,094,628 | ---- | M] () -- C:\fraglist.luar

[2013/01/15 21:27:22 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\user\Desktop\javacpl.exe.lnk

[2013/01/12 12:09:07 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2013/01/12 12:09:07 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013/01/11 21:48:46 | 000,177,595 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks.htm

[2013/01/11 14:29:36 | 000,314,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/11 14:29:36 | 000,041,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/11 14:29:35 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF

[2013/01/11 14:29:32 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2013/01/06 22:13:23 | 000,024,738 | ---- | M] () -- C:\Documents and Settings\user\Desktop\message.ogg

[2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/01/05 14:37:25 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Desktop\test3.rtf

[2012/12/28 23:19:38 | 000,589,172 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tvo_schedule_jan_2013.pdf

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/26 18:21:20 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Free Download Manager.lnk

[2013/01/26 17:23:16 | 000,372,391 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Bell-2013-1-24.pdf

[2013/01/26 17:19:10 | 000,369,970 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PDF_144453750_2013-01-24_82.pdf

[2013/01/26 13:08:35 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Clean System Memory.job

[2013/01/26 11:55:20 | 000,002,558 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBAM instructions.rtf

[2013/01/25 15:53:12 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/01/25 15:46:57 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBAM Exclusions.rtf

[2013/01/25 12:48:08 | 000,067,125 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PAD Form.pdf

[2013/01/24 21:48:22 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Shortcut to aol.lnk

[2013/01/22 20:32:05 | 000,003,044 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Metronome2.JPG

[2013/01/22 20:30:37 | 000,002,569 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Metronome3.JPG

[2013/01/22 20:29:35 | 000,414,774 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Metronome2.bmp

[2013/01/22 20:27:07 | 000,002,971 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Metronome.jpg

[2013/01/18 14:54:41 | 000,409,023 | ---- | C] () -- C:\Documents and Settings\user\Desktop\YandexDisk.pdf

[2013/01/18 12:58:10 | 000,661,551 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NelsonLinneaandMartinJohnFamily_2012-09-30.pdf

[2013/01/17 11:50:04 | 000,094,628 | ---- | C] () -- C:\fraglist.luar

[2013/01/15 21:27:21 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user\Desktop\javacpl.exe.lnk

[2013/01/12 13:02:09 | 000,177,595 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks.htm

[2013/01/11 14:29:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2013/01/11 14:29:20 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h

[2013/01/06 22:13:22 | 000,024,738 | ---- | C] () -- C:\Documents and Settings\user\Desktop\message.ogg

[2013/01/05 14:37:24 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\user\Desktop\test3.rtf

[2012/12/28 23:19:37 | 000,589,172 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tvo_schedule_jan_2013.pdf

[2012/11/11 07:13:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll

[2012/09/13 01:23:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini

[2012/05/11 15:32:48 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI

[2012/02/27 21:24:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\.JavaPowUpload.properties

[2012/02/15 22:00:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/09/02 14:52:48 | 000,000,018 | ---- | C] () -- C:\WINDOWS\cmm.dat

[2011/01/02 16:00:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\WindowsXP-KB936929-SP3-x86-ENU.exe

[2011/01/01 22:40:15 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\user\ntuser.pol

[2010/12/14 11:09:22 | 000,008,758 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010/05/19 22:38:44 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\user\toonel.ini

[2010/05/05 20:54:01 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DonationCoder_processtamer_InstallInfo.dat

[2009/03/11 20:01:55 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\user\ccsetup217_slim.exe.dfast1

[2009/03/11 20:01:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user\ccsetup217_slim.exe.dfast3

[2009/03/11 20:01:42 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\user\ccsetup217_slim.exe.dfast4

[2009/03/11 20:01:41 | 000,006,407 | ---- | C] () -- C:\Documents and Settings\user\ccsetup217_slim.exe.dfast2

[2008/07/19 15:36:16 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\user\ntuser.bak

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/06/27 12:36:54 | 000,000,212 | ---- | M] () -- C:\Boot.bak

[2011/01/23 16:46:13 | 000,000,282 | RHS- | M] () -- C:\boot.ini

[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr

[2008/07/19 15:25:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/04/22 17:16:32 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log

[2009/02/14 00:10:16 | 000,000,114 | R--- | M] () -- C:\filescan.avp

[2013/01/17 11:50:04 | 000,094,628 | ---- | M] () -- C:\fraglist.luar

[2008/07/19 15:25:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/07/19 15:25:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/07/20 13:51:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/07/20 16:17:10 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/07/06 19:54:41 | 000,262,144 | ---- | M] () -- C:\ntuser.dat

[2011/07/07 19:55:56 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG

[2013/01/26 17:00:17 | 1572,864,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-16 04:27:56

< >

< End of report >


Below is Extras.Txt:

OTL Extras logfile created on: 1/26/2013 6:49:55 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 81.95% Memory free

2.82 Gb Paging File | 2.63 Gb Available in Paging File | 93.22% Paging File free

Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.63 Gb Total Space | 5.17 Gb Free Space | 27.76% Space Free | Partition Type: NTFS

Drive E: | 3.72 Gb Total Space | 2.49 Gb Free Space | 66.84% Space Free | Partition Type: FAT32

Computer Name: DEFAULT | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [mplayerc.enqueue] -- "C:\Program Files\MPC HomeCinema\mpc-hc.exe" /add "%1" (MPC-HC Team)

Directory [mplayerc.play] -- "C:\Program Files\MPC HomeCinema\mpc-hc.exe" "%1" (MPC-HC Team)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\Opera Next\opera.exe" = C:\Program Files\Opera Next\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\PhraseExpress\phraseexpress.exe" = C:\Program Files\PhraseExpress\phraseexpress.exe:*:Disabled:PhraseExpress -- (Bartels Media GmbH)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11

"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39D5010F-1F25-4C5F-9A3C-1BD4304A855D}" = FirstClass Client

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio

"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver

"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"All ATI Software" = ATI - Software Uninstall Utility

"America Online ca" = AOL (Choose which version to remove)

"Anti Idle" = Anti Idle

"ArsClip_is1" = ArsClip

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Cablenut" = Cablenut 4.08

"CCleaner" = CCleaner

"CleanMem" = CleanMem

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem

"DSincronizza" = DSincronizza

"DTaskManager" = DTaskManager

"ERUNT_is1" = ERUNT 1.1j

"FastStone Image Viewer" = FastStone Image Viewer 4.5

"FastStone Photo Resizer" = FastStone Photo Resizer 3.0

"FinePrint" = FinePrint

"Free Download Manager_is1" = Free Download Manager 3.9.2

"HaaliMkx" = Haali Media Splitter

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"ImageMate/SecureMate V5.08" = SanDisk ImageMate/SecureMate

"ImgBurn" = ImgBurn

"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver

"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32

"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MWSnap 3" = MWSnap 3

"ND Software" = ND Software

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"Opera 12.12.1707" = Opera Next 12.12

"Opera 12.12.1707_1" = Opera 12.12

"pdfFactory Pro" = pdfFactory Pro

"PhraseExpress_is1" = PhraseExpress v8.0.154

"Process Tamer_is1" = Process Tamer 2.11.01

"ProcessLasso" = Process Lasso

"ProxySwitcher Standard_is1" = ProxySwitcher Standard

"Purrint" = Purrint23 (remove only)

"RealPlayer 6.0" = RealPlayer Basic

"Secunia PSI" = Secunia PSI (2.0.0.3001)

"Send To Toys_is1" = Send To Toys v2.7

"Startup Delayer" = Startup Delayer v2.5 (build 138)

"UltraDefrag" = Ultra Defragmenter

"Unlocker" = Unlocker 1.9.1

"ViewpointMediaPlayer" = Viewpoint Media Player

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"ZSoft Uninstaller" = ZSoft Uninstaller 2.5

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/15/2012 10:17:07 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2012 10:21:07 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2012 10:21:07 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2012 10:21:26 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2012 10:21:26 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2012 10:29:15 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/15/2012 10:29:15 PM | Computer Name = DEFAULT | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 11/29/2012 10:51:36 AM | Computer Name = DEFAULT | Source = Application Error | ID = 1000

Description = Faulting application mbamgui.exe, version 1.65.0.0, faulting module

mbamgui.exe, version 1.65.0.0, fault address 0x00038b98.

Error - 1/11/2013 11:11:33 AM | Computer Name = DEFAULT | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 18.0.0.4752, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2013 2:18:18 PM | Computer Name = DEFAULT | Source = COM+ | ID = 135763

Description = The run-time environment was unable to initialize for transactions

required to support transactional components. Make sure that MS-DTC is running.

(DtcGetTransactionManagerEx(): hr = 0x8004d01

[ System Events ]

Error - 1/25/2013 4:53:21 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7001

Description = The MBAMService service depends on the MBAMProtector service which

failed to start because of the following error: %%2

Error - 1/26/2013 11:04:22 AM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMProtector service failed to start due to the following error:

%%2

Error - 1/26/2013 11:04:22 AM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

Error - 1/26/2013 11:04:22 AM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7001

Description = The MBAMService service depends on the MBAMProtector service which

failed to start because of the following error: %%2

Error - 1/26/2013 12:57:58 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

Error - 1/26/2013 1:06:03 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

Error - 1/26/2013 1:15:13 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

Error - 1/26/2013 1:38:20 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

Error - 1/26/2013 2:04:53 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

Error - 1/26/2013 6:00:25 PM | Computer Name = DEFAULT | Source = Service Control Manager | ID = 7000

Description = The MBAMScheduler service failed to start due to the following error:

%%3

< End of report >


Hello greyowl. :)

Please note that I do not have MBAM installed at the present time. Is this OK with the OTL scans, or should it be installed?

That's fine. No need to have it installed for the present.

I notice you have a few proxies/IP addresses with your ports. Did you configure all of these settings?

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the contents of the OTL fix log and ComboFix.txt.


I cannot get ComboFix to work. It starts, does a system restore, and begins a scan for infected files, then stalls and freezes the computer. I left it for 90 minutes and it would not continue the scan. I tried it 3 times.

I completed the second OTL scan, and the log is below:

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\secunia.com\ deleted successfully.

File ptyTemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01262013_222221

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Howdy greyowl,

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).

  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

Please do not reboot your computer.

Then, please try ComboFix.


I followed your instructions. The rkill ran fine--below is the log.

ComboFix did the same as before, i.e. stalling on the initial scan.

Here is the rkill log:

Rkill 2.4.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/27/2013 11:39:06 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 996) [WD-HEUR]

* C:\WINDOWS\System32\bcmwltry.exe (PID: 1016) [WD-HEUR]

* C:\WINDOWS\wanmpsvc.exe (PID: 1432) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* DHCP Client (Dhcp) is not Running.

Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/27/2013 11:39:56 AM

Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)


Hey greyowl,

Well, Rkill found a couple of interesting things.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Hey greyowl,

Do I just move the Kaspersky download to the trash now?

You can if you like. When your computer seems clean I will run you through a thorough cleanup procedure of all the tools anyway.

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.


Here is the RogueKiller report:

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Scan -- Date : 01/28/2013 06:42:39

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N020ATMR04-0 +++++

--- User ---

[MBR] 0fe550576f5af1a9f1ad7f720262c61c

[bSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19077 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01282013_02d0642.txt >>

RKreport[1]_S_01282013_02d0642.txt


Good morning greyowl,

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.

=====

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

=====

Please post the contents of the RogueKiller log plus the Detected portion of Kaspersky's report.


Here is the RogueKiller log:

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Remove -- Date : 01/28/2013 21:18:56

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N020ATMR04-0 +++++

--- User ---

[MBR] 0fe550576f5af1a9f1ad7f720262c61c

[bSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19077 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_01282013_02d2118.txt >>

RKreport[1]_S_01282013_02d2118.txt ; RKreport[2]_D_01282013_02d2118.txt

Here is the Kaspersky report (note: I could not update the database because I am on dialup internet):

Objects Scan: completed 1 hour ago (events: 2, objects: 203071, time: 01:22:14)

1/28/13 10:25 PM Task started

1/28/13 11:47 PM Task completed

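Added example, not from this thread or from RogueKiller itself: a small Python helper that parses the "Registry Entries" block of a RogueKiller Scan report and a Remove report and lists which hijack points the Remove run left unresolved (in the reports above, only ProxyEnable, which RogueKiller says to clear with its ProxyFix). The two report excerpts are constructed from lines posted above.

```python
"""Triage helper for RogueKiller reports: pull the 'Registry Entries' findings
out of a Scan run and a Remove run and list what is still unresolved.
Added example for this thread, not part of RogueKiller itself."""
import re
from typing import Dict, List

# One finding line, e.g.
#   [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
#   [HJ DESK] HKCU\[...]\NewStartPanel : {CLSID} (1) -> REPLACED (0)
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<value>[^)]*)\)\s+->\s+(?P<status>.+?)\s*$"
)

# Constructed excerpts modelled on the two reports posted in this thread.
SCAN_REPORT = r"""RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
Mode : Scan -- Date : 01/28/2013 06:42:39
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ MBR Check: ¤¤¤
[MBR] 0fe550576f5af1a9f1ad7f720262c61c
"""
REMOVE_REPORT = r"""Mode : Remove -- Date : 01/28/2013 21:18:56
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

def parse_registry_findings(report: str) -> List[Dict[str, str]]:
    """Return every registry finding in the report as a dict of the regex groups."""
    found = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header, MBR and HOSTS lines do not have the finding shape
            found.append(m.groupdict())
    return found

def unresolved_after_removal(scan: str, remove: str) -> List[Dict[str, str]]:
    """Scan-run findings the Remove run did not DELETE or REPLACE, each tagged
    with the status the Remove run reported for it (or its absence)."""
    after = {(f["key"], f["name"]): f["status"] for f in parse_registry_findings(remove)}
    left = []
    for f in parse_registry_findings(scan):
        status = after.get((f["key"], f["name"]), "ABSENT FROM REMOVE RUN")
        if not status.startswith(("DELETED", "REPLACED")):
            left.append({**f, "remove_status": status})
    return left

if __name__ == "__main__":
    for f in unresolved_after_removal(SCAN_REPORT, REMOVE_REPORT):
        print(f"{f['category']:10} {f['name']} = {f['value']}: {f['remove_status']}")
```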

Good morning greyowl,

ComboFix has just been pulled until further notice, due to a compromise.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan. Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Here is the Eset log:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=a99d24429f363140bff7bd4903c3fc57

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-30 06:22:36

# local_time=2013-01-30 01:22:36 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=774 16777213 100 89 727738 135315228 0 0

# scanned=43669

# found=4

# cleaned=0

# scan_time=3541

C:\Documents and Settings\user\My Documents\Apps\Puran Defrag\v.7.5\PuranDefragFreeSetup.exe a variant of Win32/Toolbar.Babylon.A application 5895429B57F5706829BB2B343C67EC11DF1A3A4B I

C:\Documents and Settings\user\My Documents\Apps\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON application 6E45431B698CDB7BE8F1A41266BE7B327F33AD38 I

C:\Documents and Settings\user\My Documents\Apps\XP SmokerFree\Pro v.5.7\xpspro.exe Win32/Toolbar.Zugo application 901394A065096958E10527DD812E8D046EFF9F94 I

C:\Documents and Settings\user\My Documents\Apps\XP SmokerFree\xps5.7Free.exe Win32/Toolbar.Zugo application D670AA03433270C2B9CD4978192A25FB2D699241 I

ESETSmartInstaller@High as downloader log:

Can not open internet


This topic is now closed to further replies.