
Probable PC infection



Hello

I believe my PC was inadvertently infected with some virus/malware from a flash drive. I have Malwarebytes Anti-Malware (free version), Microsoft Security Essentials and WinPatrol running.

Enclosed are the logs from the DDS.scr run. Your help is much appreciated in advance:

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/22/2012 2:41:34 AM

System Uptime: 6/7/2013 2:32:24 PM (9 hours ago)

.

Motherboard: Dell Computer Corp. | | 0CF458

Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 71 GiB total, 2.483 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Modem

Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0

Manufacturer:

Name: PCI Modem

PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0

Service: E100B

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP191: 4/27/2013 11:30:51 AM - Software Distribution Service 3.0

RP192: 4/28/2013 3:27:06 PM - Software Distribution Service 3.0

RP193: 4/30/2013 4:42:03 PM - Software Distribution Service 3.0

RP194: 5/1/2013 5:42:39 PM - Software Distribution Service 3.0

RP195: 5/2/2013 8:13:12 PM - Software Distribution Service 3.0

RP196: 5/3/2013 9:59:01 PM - Software Distribution Service 3.0

RP197: 5/5/2013 12:21:27 AM - Software Distribution Service 3.0

RP198: 5/6/2013 2:16:20 PM - Software Distribution Service 3.0

RP199: 5/7/2013 7:33:17 AM - Software Distribution Service 3.0

RP200: 5/8/2013 7:08:15 AM - Software Distribution Service 3.0

RP201: 5/9/2013 7:44:22 AM - Software Distribution Service 3.0

RP202: 5/10/2013 7:17:56 AM - Software Distribution Service 3.0

RP203: 5/11/2013 8:48:16 AM - Software Distribution Service 3.0

RP204: 5/12/2013 7:23:39 AM - Software Distribution Service 3.0

RP205: 5/13/2013 8:34:32 AM - Software Distribution Service 3.0

RP206: 5/14/2013 4:59:56 PM - Software Distribution Service 3.0

RP207: 5/15/2013 7:27:54 PM - Software Distribution Service 3.0

RP208: 5/16/2013 8:03:02 PM - System Checkpoint

RP209: 5/17/2013 6:50:25 AM - Software Distribution Service 3.0

RP210: 5/18/2013 4:31:09 PM - Software Distribution Service 3.0

RP211: 5/19/2013 6:07:28 PM - System Checkpoint

RP212: 5/20/2013 6:00:11 AM - Software Distribution Service 3.0

RP213: 5/20/2013 6:39:14 AM - Software Distribution Service 3.0

RP214: 5/21/2013 7:42:47 AM - Software Distribution Service 3.0

RP215: 5/22/2013 6:55:36 AM - Software Distribution Service 3.0

RP216: 5/23/2013 9:35:04 AM - Software Distribution Service 3.0

RP217: 5/24/2013 5:09:06 PM - Software Distribution Service 3.0

RP218: 5/25/2013 8:50:44 PM - System Checkpoint

RP219: 5/26/2013 1:20:41 AM - Software Distribution Service 3.0

RP220: 5/27/2013 8:43:39 AM - Software Distribution Service 3.0

RP221: 5/28/2013 2:48:22 PM - Software Distribution Service 3.0

RP222: 5/28/2013 4:38:43 PM - Installed Windows Media Player 11

RP223: 5/28/2013 4:41:04 PM - Software Distribution Service 3.0

RP224: 5/29/2013 12:35:11 AM - Software Distribution Service 3.0

RP225: 5/29/2013 2:54:47 PM - Software Distribution Service 3.0

RP226: 5/30/2013 4:43:15 PM - Software Distribution Service 3.0

RP227: 5/31/2013 6:33:32 AM - Software Distribution Service 3.0

RP228: 6/1/2013 1:08:46 PM - Software Distribution Service 3.0

RP229: 6/2/2013 3:19:23 PM - System Checkpoint

RP230: 6/2/2013 11:41:59 PM - Software Distribution Service 3.0

RP231: 6/4/2013 9:11:31 AM - Software Distribution Service 3.0

RP232: 6/5/2013 9:59:03 AM - Software Distribution Service 3.0

RP233: 6/6/2013 11:56:26 AM - Software Distribution Service 3.0

RP234: 6/7/2013 6:38:24 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Any Video Converter 5 5.0.3

BrowserDefender

Cisco Systems VPN Client 5.0.07.0290

Delta Chrome Toolbar

Delta toolbar

Google Chrome

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.4.0.1083

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB981793)

HP Deskjet 6500

HP Software Update

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Java 7 Update 21

Java Auto Updater

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

Machete Lite 3.8

Malwarebytes Anti-Malware version 1.75.0.1300

Media Player Codec Pack 4.2.7

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Communicator 2007 R2

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 6.0 Parser (KB933579)

Project Viewer 2010 SP2

Project64 1.6

Samsung AllShare

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Skype Click to Call

Skype™ 6.1

SoundMAX

TornTV

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB898461)

Update for Windows XP (KB914882)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebCake 3.00

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinPatrol

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/2/2013 10:59:37 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/31/2013 5:46:59 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by Home at 23:00:25 on 2013-06-07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1278.830 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Home.VALPC\Application Data\WebCake\WebCakeDesktop.exe

C:\WINDOWS\system32\C2MP\UpdateChecker.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - c:\program files\webcake\WebCakeIEClient_2.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\27.0.1453.110\npchrome_frame.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [WebCake Desktop] "c:\documents and settings\home.valpc\application data\webcake\WebCakeDesktop.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353569541390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353639941156

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\27.0.1453.110\npchrome_frame.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\docume~1\alluse~1.win\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home.valpc\application data\mozilla\firefox\profiles\22xopynb.default\

FF - prefs.js: browser.search.selectedEngine - Delta Search

FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E099001320C5CE71

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.webcake.installId, 8763d175-5258-46ba-b7ef-fa0399e93578

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

FF - user.js: extentions.webcake.installId - 8763d175-5258-46ba-b7ef-fa0399e93578

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-25 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-23 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users.windows\application data\browserdefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-6-6 2827728]

.

=============== Created Last 30 ================

.

2013-06-07 10:38:45 7016152 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{202bd642-f331-44b7-a861-81ab745114df}\mpengine.dll

2013-06-07 02:01:29 -------- d-----w- C:\P

2013-06-07 02:01:29 -------- d-----w- C:\Downloads

2013-06-06 23:16:21 -------- d-----w- c:\documents and settings\all users.windows\application data\BrowserDefender

2013-06-06 23:16:04 -------- d-----w- c:\program files\Delta

2013-06-06 23:15:54 -------- d-----w- c:\documents and settings\home.valpc\application data\BabSolution

2013-06-06 23:15:45 -------- d-----w- c:\documents and settings\home.valpc\application data\Delta

2013-06-06 23:15:10 -------- d-----w- c:\documents and settings\home.valpc\application data\Babylon

2013-06-06 23:15:10 -------- d-----w- c:\documents and settings\all users.windows\application data\Babylon

2013-06-06 23:14:34 -------- d-----w- c:\documents and settings\home.valpc\application data\WebCake

2013-06-06 23:14:32 -------- d-----w- c:\program files\WebCake

2013-06-06 23:14:09 -------- d-----w- c:\documents and settings\all users.windows\application data\Tarma Installer

2013-06-06 23:13:59 -------- d-----w- c:\program files\TornTV.com

2013-06-06 15:56:34 7016152 ------w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-28 21:24:34 -------- d-----w- c:\windows\system32\C2MP

2013-05-28 20:44:36 221184 ----a-w- c:\windows\system32\wmpns.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-05-14 22:38:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-14 22:38:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 10:35:04 3915776 ----a-w- c:\windows\system32\ffmpeg.dll

2013-04-16 10:33:50 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2013-04-16 10:33:32 3501568 ----a-w- c:\windows\system32\ffdshow.ax

2013-04-16 10:32:28 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2013-04-16 10:32:24 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2013-04-16 10:32:18 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2013-04-16 10:32:16 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2013-04-16 10:32:16 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2013-04-16 10:32:14 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2013-04-16 10:32:14 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2013-04-16 10:32:10 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2013-04-13 12:23:50 7788672 ----a-w- c:\windows\system32\avcodec-lav-55.dll

2013-04-13 12:23:50 7788672 ----a-w- c:\windows\system32\avcodec-53.dll

2013-04-13 12:23:50 424624 ----a-w- c:\windows\system32\LAVSplitter.ax

2013-04-13 12:23:50 400592 ----a-w- c:\windows\system32\swscale-lav-2.dll

2013-04-13 12:23:50 284336 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2013-04-13 12:23:50 272192 ----a-w- c:\windows\system32\avutil-lav-52.dll

2013-04-13 12:23:50 272192 ----a-w- c:\windows\system32\avutil-51.dll

2013-04-13 12:23:50 244400 ----a-w- c:\windows\system32\LAVAudio.ax

2013-04-13 12:23:50 194632 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2013-04-13 12:23:50 172728 ----a-w- c:\windows\system32\avresample-lav-1.dll

2013-04-13 12:23:50 1300152 ----a-w- c:\windows\system32\avformat-lav-55.dll

2013-04-13 12:23:50 1185456 ----a-w- c:\windows\system32\LAVVideo.ax

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

============= FINISH: 23:02:37.09 ===============

Thanks



Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 6.0 Parser (KB933579)

Project Viewer 2010 SP2

Project64 1.6

Samsung AllShare

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Skype Click to Call

Skype™ 6.1

SoundMAX

TornTV

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB898461)

Update for Windows XP (KB914882)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebCake 3.00

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinPatrol

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/2/2013 10:59:37 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/31/2013 5:46:59 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by Home at 23:00:25 on 2013-06-07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1278.830 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Home.VALPC\Application Data\WebCake\WebCakeDesktop.exe

C:\WINDOWS\system32\C2MP\UpdateChecker.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - c:\program files\webcake\WebCakeIEClient_2.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\27.0.1453.110\npchrome_frame.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [WebCake Desktop] "c:\documents and settings\home.valpc\application data\webcake\WebCakeDesktop.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353569541390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353639941156

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\27.0.1453.110\npchrome_frame.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\docume~1\alluse~1.win\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home.valpc\application data\mozilla\firefox\profiles\22xopynb.default\

FF - prefs.js: browser.search.selectedEngine - Delta Search

FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E099001320C5CE71

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.webcake.installId, 8763d175-5258-46ba-b7ef-fa0399e93578

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

FF - user.js: extentions.webcake.installId - 8763d175-5258-46ba-b7ef-fa0399e93578

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-25 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-23 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users.windows\application data\browserdefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-6-6 2827728]

.

=============== Created Last 30 ================

.

2013-06-07 10:38:45 7016152 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{202bd642-f331-44b7-a861-81ab745114df}\mpengine.dll

2013-06-07 02:01:29 -------- d-----w- C:\P

2013-06-07 02:01:29 -------- d-----w- C:\Downloads

2013-06-06 23:16:21 -------- d-----w- c:\documents and settings\all users.windows\application data\BrowserDefender

2013-06-06 23:16:04 -------- d-----w- c:\program files\Delta

2013-06-06 23:15:54 -------- d-----w- c:\documents and settings\home.valpc\application data\BabSolution

2013-06-06 23:15:45 -------- d-----w- c:\documents and settings\home.valpc\application data\Delta

2013-06-06 23:15:10 -------- d-----w- c:\documents and settings\home.valpc\application data\Babylon

2013-06-06 23:15:10 -------- d-----w- c:\documents and settings\all users.windows\application data\Babylon

2013-06-06 23:14:34 -------- d-----w- c:\documents and settings\home.valpc\application data\WebCake

2013-06-06 23:14:32 -------- d-----w- c:\program files\WebCake

2013-06-06 23:14:09 -------- d-----w- c:\documents and settings\all users.windows\application data\Tarma Installer

2013-06-06 23:13:59 -------- d-----w- c:\program files\TornTV.com

2013-06-06 15:56:34 7016152 ------w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-28 21:24:34 -------- d-----w- c:\windows\system32\C2MP

2013-05-28 20:44:36 221184 ----a-w- c:\windows\system32\wmpns.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-05-14 22:38:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-14 22:38:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 10:35:04 3915776 ----a-w- c:\windows\system32\ffmpeg.dll

2013-04-16 10:33:50 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2013-04-16 10:33:32 3501568 ----a-w- c:\windows\system32\ffdshow.ax

2013-04-16 10:32:28 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2013-04-16 10:32:24 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2013-04-16 10:32:18 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2013-04-16 10:32:16 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2013-04-16 10:32:16 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2013-04-16 10:32:14 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2013-04-16 10:32:14 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2013-04-16 10:32:10 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2013-04-13 12:23:50 7788672 ----a-w- c:\windows\system32\avcodec-lav-55.dll

2013-04-13 12:23:50 7788672 ----a-w- c:\windows\system32\avcodec-53.dll

2013-04-13 12:23:50 424624 ----a-w- c:\windows\system32\LAVSplitter.ax

2013-04-13 12:23:50 400592 ----a-w- c:\windows\system32\swscale-lav-2.dll

2013-04-13 12:23:50 284336 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2013-04-13 12:23:50 272192 ----a-w- c:\windows\system32\avutil-lav-52.dll

2013-04-13 12:23:50 272192 ----a-w- c:\windows\system32\avutil-51.dll

2013-04-13 12:23:50 244400 ----a-w- c:\windows\system32\LAVAudio.ax

2013-04-13 12:23:50 194632 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2013-04-13 12:23:50 172728 ----a-w- c:\windows\system32\avresample-lav-1.dll

2013-04-13 12:23:50 1300152 ----a-w- c:\windows\system32\avformat-lav-55.dll

2013-04-13 12:23:50 1185456 ----a-w- c:\windows\system32\LAVVideo.ax

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

============= FINISH: 23:02:37.09 ===============

Thanks

Forgot to mention that I noticed that BrowserDefender and TornTV are installed (not tried to uninstall) and WebCake keeps trying to run its service automatically on start. Also, on Google Chrome the default search was changed to Delta-search (changed that back to Google).


Hello badpc! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

Delta Chrome Toolbar

Delta toolbar

TornTV

WebCake 3.00

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • a new fresh DDS log


Hi Maniac

Thanks for your assistance, I uninstalled the programs advised and ran JRT, AdwCleaner and DDS.

The logs for JRT and DDS are enclosed. However, when I ran AdwCleaner the log file did not open after the system was restarted. I looked in C:\ and I also searched for the file, to no avail. Maybe I ran it incorrectly; do I need to run AdwCleaner again?

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by Home on Sat 06/08/2013 at 21:39:23.85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{66EAE1D2-BBEF-49FA-A5B8-D73E62F0A8BA}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\babylon"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\installmate"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\tarma installer"

Successfully deleted: [Folder] "C:\Documents and Settings\Home.VALPC\Application Data\babylon"

Successfully deleted: [Folder] "C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\visi_coupon"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Home.VALPC\Application Data\mozilla\firefox\profiles\22xopynb.default\user.js

Successfully deleted: [File] C:\Documents and Settings\Home.VALPC\Application Data\mozilla\firefox\profiles\22xopynb.default\searchplugins\babylon.xml

Successfully deleted: [Folder] C:\Documents and Settings\Home.VALPC\Application Data\mozilla\firefox\profiles\22xopynb.default\extensions\ffxtlbr@babylon.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/08/2013 at 21:45:27.45

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by Home at 22:16:39 on 2013-06-08

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1278.568 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\C2MP\UpdateChecker.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\27.0.1453.110\npchrome_frame.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353569541390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353639941156

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\27.0.1453.110\npchrome_frame.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\home.valpc\application data\mozilla\firefox\profiles\22xopynb.default\

FF - prefs.js: browser.startup.homepage -

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-25 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-23 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-06-09 01:33:58 -------- d-----w- c:\windows\ERUNT

2013-06-09 01:33:13 -------- d-----w- C:\JRT

2013-06-08 11:36:06 7016152 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{eb7c5765-547e-4e74-a0e9-88dcd5d17ea4}\mpengine.dll

2013-06-07 10:38:45 7016152 ------w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-06-07 02:01:29 -------- d-----w- C:\P

2013-06-07 02:01:29 -------- d-----w- C:\Downloads

2013-05-28 21:24:34 -------- d-----w- c:\windows\system32\C2MP

2013-05-28 20:44:36 221184 ----a-w- c:\windows\system32\wmpns.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-05-14 22:38:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-14 22:38:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 10:35:04 3915776 ----a-w- c:\windows\system32\ffmpeg.dll

2013-04-16 10:33:50 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2013-04-16 10:33:32 3501568 ----a-w- c:\windows\system32\ffdshow.ax

2013-04-16 10:32:28 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2013-04-16 10:32:24 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2013-04-16 10:32:18 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2013-04-16 10:32:16 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2013-04-16 10:32:16 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2013-04-16 10:32:14 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2013-04-16 10:32:14 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2013-04-16 10:32:10 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2013-04-13 12:23:50 7788672 ----a-w- c:\windows\system32\avcodec-lav-55.dll

2013-04-13 12:23:50 7788672 ----a-w- c:\windows\system32\avcodec-53.dll

2013-04-13 12:23:50 424624 ----a-w- c:\windows\system32\LAVSplitter.ax

2013-04-13 12:23:50 400592 ----a-w- c:\windows\system32\swscale-lav-2.dll

2013-04-13 12:23:50 284336 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2013-04-13 12:23:50 272192 ----a-w- c:\windows\system32\avutil-lav-52.dll

2013-04-13 12:23:50 272192 ----a-w- c:\windows\system32\avutil-51.dll

2013-04-13 12:23:50 244400 ----a-w- c:\windows\system32\LAVAudio.ax

2013-04-13 12:23:50 194632 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2013-04-13 12:23:50 172728 ----a-w- c:\windows\system32\avresample-lav-1.dll

2013-04-13 12:23:50 1300152 ----a-w- c:\windows\system32\avformat-lav-55.dll

2013-04-13 12:23:50 1185456 ----a-w- c:\windows\system32\LAVVideo.ax

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

============= FINISH: 22:17:42.54 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/22/2012 2:41:34 AM

System Uptime: 6/8/2013 9:55:58 PM (1 hours ago)

.

Motherboard: Dell Computer Corp. | | 0CF458

Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 71 GiB total, 2.511 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Modem

Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0

Manufacturer:

Name: PCI Modem

PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0

Service: E100B

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP191: 4/27/2013 11:30:51 AM - Software Distribution Service 3.0

RP192: 4/28/2013 3:27:06 PM - Software Distribution Service 3.0

RP193: 4/30/2013 4:42:03 PM - Software Distribution Service 3.0

RP194: 5/1/2013 5:42:39 PM - Software Distribution Service 3.0

RP195: 5/2/2013 8:13:12 PM - Software Distribution Service 3.0

RP196: 5/3/2013 9:59:01 PM - Software Distribution Service 3.0

RP197: 5/5/2013 12:21:27 AM - Software Distribution Service 3.0

RP198: 5/6/2013 2:16:20 PM - Software Distribution Service 3.0

RP199: 5/7/2013 7:33:17 AM - Software Distribution Service 3.0

RP200: 5/8/2013 7:08:15 AM - Software Distribution Service 3.0

RP201: 5/9/2013 7:44:22 AM - Software Distribution Service 3.0

RP202: 5/10/2013 7:17:56 AM - Software Distribution Service 3.0

RP203: 5/11/2013 8:48:16 AM - Software Distribution Service 3.0

RP204: 5/12/2013 7:23:39 AM - Software Distribution Service 3.0

RP205: 5/13/2013 8:34:32 AM - Software Distribution Service 3.0

RP206: 5/14/2013 4:59:56 PM - Software Distribution Service 3.0

RP207: 5/15/2013 7:27:54 PM - Software Distribution Service 3.0

RP208: 5/16/2013 8:03:02 PM - System Checkpoint

RP209: 5/17/2013 6:50:25 AM - Software Distribution Service 3.0

RP210: 5/18/2013 4:31:09 PM - Software Distribution Service 3.0

RP211: 5/19/2013 6:07:28 PM - System Checkpoint

RP212: 5/20/2013 6:00:11 AM - Software Distribution Service 3.0

RP213: 5/20/2013 6:39:14 AM - Software Distribution Service 3.0

RP214: 5/21/2013 7:42:47 AM - Software Distribution Service 3.0

RP215: 5/22/2013 6:55:36 AM - Software Distribution Service 3.0

RP216: 5/23/2013 9:35:04 AM - Software Distribution Service 3.0

RP217: 5/24/2013 5:09:06 PM - Software Distribution Service 3.0

RP218: 5/25/2013 8:50:44 PM - System Checkpoint

RP219: 5/26/2013 1:20:41 AM - Software Distribution Service 3.0

RP220: 5/27/2013 8:43:39 AM - Software Distribution Service 3.0

RP221: 5/28/2013 2:48:22 PM - Software Distribution Service 3.0

RP222: 5/28/2013 4:38:43 PM - Installed Windows Media Player 11

RP223: 5/28/2013 4:41:04 PM - Software Distribution Service 3.0

RP224: 5/29/2013 12:35:11 AM - Software Distribution Service 3.0

RP225: 5/29/2013 2:54:47 PM - Software Distribution Service 3.0

RP226: 5/30/2013 4:43:15 PM - Software Distribution Service 3.0

RP227: 5/31/2013 6:33:32 AM - Software Distribution Service 3.0

RP228: 6/1/2013 1:08:46 PM - Software Distribution Service 3.0

RP229: 6/2/2013 3:19:23 PM - System Checkpoint

RP230: 6/2/2013 11:41:59 PM - Software Distribution Service 3.0

RP231: 6/4/2013 9:11:31 AM - Software Distribution Service 3.0

RP232: 6/5/2013 9:59:03 AM - Software Distribution Service 3.0

RP233: 6/6/2013 11:56:26 AM - Software Distribution Service 3.0

RP234: 6/7/2013 6:38:24 AM - Software Distribution Service 3.0

RP235: 6/8/2013 7:35:58 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Any Video Converter 5 5.0.3

Cisco Systems VPN Client 5.0.07.0290

Google Chrome

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.4.0.1083

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB981793)

HP Deskjet 6500

HP Software Update

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Java 7 Update 21

Java Auto Updater

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

Machete Lite 3.8

Malwarebytes Anti-Malware version 1.75.0.1300

Media Player Codec Pack 4.2.7

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Communicator 2007 R2

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 6.0 Parser (KB933579)

Project Viewer 2010 SP2

Project64 1.6

Samsung AllShare

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Skype Click to Call

Skype™ 6.1

SoundMAX

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB898461)

Update for Windows XP (KB914882)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinPatrol

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/8/2013 9:40:16 PM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

6/4/2013 8:58:05 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

6/3/2013 7:30:00 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Regards

Badpc


Hi Maniac

Ran AdwCleaner again and the log file opened this time after the reboot, contents enclosed:

AdwCleaner[s2].txt

# AdwCleaner v2.303 - Logfile created 06/09/2013 at 23:05:17

# Updated 08/06/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)

# User : Home - VALPC

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Home.VALPC\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

-\\ Google Chrome v27.0.1453.110

*************************

AdwCleaner[s2].txt - [606 octets] - [09/06/2013 23:05:17]

########## EOF - C:\AdwCleaner[s2].txt - [665 octets] ##########


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Okay, try this one:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Downloaded and ran the AVPTool. It ran for a while (over 5 hours) and found two threats, which were deleted. Unfortunately, the tool was closed off before the detected threats report could be captured.

I guess there is no way to recapture that information. Will I need to run it again?

Please advise


The PC is loading and running a lot quicker now; however, the AVPTool installs itself each time the PC is started up. Can this be uninstalled or removed? Also, the torntv shortcut is still in the program files menu; can I delete this manually?

Please advise


AdwCleaner and JRT run again

AdwCleaner log file

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 18:50:14

# Updated 08/06/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)

# User : Home - VALPC

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Home.VALPC\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

-\\ Google Chrome v27.0.1453.110

*************************

AdwCleaner[s2].txt - [733 octets] - [09/06/2013 23:05:17]

AdwCleaner[s3].txt - [665 octets] - [12/06/2013 18:50:14]

########## EOF - C:\AdwCleaner[s3].txt - [724 octets] ##########

JRT log file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by Home on Wed 06/12/2013 at 19:02:08.45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 06/12/2013 at 19:12:26.04

End of JRT log

Please advise regarding the Kaspersky Virus Removal Tool: how can it be uninstalled?

Regards


No, you should manually delete it. When we are done here, I will let you know how to clean all of these tools.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Ran OTL with no issues, log files created below:

OTL.txt

OTL logfile created on: 6/13/2013 11:15:42 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home.VALPC\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 44.49% Memory free

2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.30% Paging File free

Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.46 Gb Total Space | 1.56 Gb Free Space | 2.18% Space Free | Partition Type: NTFS

Computer Name: VALPC | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/13 11:13:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home.VALPC\Desktop\OTL.exe

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/04/18 18:38:34 | 000,048,248 | ---- | M] () -- C:\WINDOWS\system32\C2MP\UpdateChecker.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/09/20 00:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2012/03/01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe

PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/10/01 18:43:12 | 000,548,864 | ---- | M] (BL) -- C:\Program Files\lg_fwupdate\fwupdate.exe

PRC - [2006/01/13 20:38:36 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

PRC - [2006/01/13 20:38:35 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/18 18:38:34 | 000,048,248 | ---- | M] () -- C:\WINDOWS\system32\C2MP\UpdateChecker.exe

MOD - [2013/02/26 01:09:23 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll

MOD - [2013/02/25 18:49:27 | 000,758,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll

MOD - [2013/02/25 18:30:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll

MOD - [2013/02/25 18:29:38 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll

MOD - [2013/02/25 18:28:46 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll

MOD - [2013/02/25 18:28:11 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll

MOD - [2013/02/25 18:28:01 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll

MOD - [2013/02/25 18:27:32 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll

MOD - [2013/02/25 18:27:20 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll

MOD - [2013/02/25 18:27:00 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll

MOD - [2012/06/20 17:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2010/03/23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/06/12 13:38:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/09 03:05:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{8BB84F8C-E30A-4304-A4AF-2D415EE55A9E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 77 87 31 C7 0D CE 01 [binary data]

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\..\SearchScopes,DefaultScope = {8BB84F8C-E30A-4304-A4AF-2D415EE55A9E}

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\..\SearchScopes\{8BB84F8C-E30A-4304-A4AF-2D415EE55A9E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS524

IE - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..browser.startup.homepage:

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\Citrix\Plugins\94\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/09 03:05:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/15 00:44:27 | 000,000,000 | ---D | M]

[2012/11/26 23:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Extensions

[2013/06/08 21:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Firefox\Profiles\22xopynb.default\extensions

[2013/01/19 09:58:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Firefox\Profiles\22xopynb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2013/06/06 19:14:03 | 000,213,470 | ---- | M] () (No name found) -- C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Firefox\Profiles\22xopynb.default\extensions\torntv2@torntv.com.xpi

[2013/06/06 19:15:26 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Firefox\Profiles\22xopynb.default\searchplugins\BrowserDefender.xml

[2012/12/09 03:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/12/09 03:05:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/11/20 02:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/11/20 02:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E099001320C5CE71

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - Extension: Google Drive = C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)

O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk = C:\WINDOWS\system32\C2MP\UpdateChecker.exe ()

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()

O4 - Startup: C:\Documents and Settings\Home.VALPC\Start Menu\Programs\Startup\_uninst_37597791.lnk = C:\Documents and Settings\Home.VALPC\Local Settings\Temp\_uninst_37597791.bat ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKU\S-1-5-21-1454471165-1409082233-1417001333-1003\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353569541390 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353639941156 (MUWebControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0315F29-7D78-4C4C-A320-5449F7249F36}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/10/12 15:56:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{67041b06-2e0c-11e2-98c2-001320c5ce71}\Shell\AutoRun\command - "" = E:\Setup.exe

O33 - MountPoints2\{67041b06-2e0c-11e2-98c2-001320c5ce71}\Shell\Install\command - "" = E:\Setup.exe

O33 - MountPoints2\{b69bee36-b302-11e0-94cf-001320c5ce71}\Shell - "" = AutoRun

O33 - MountPoints2\{b69bee36-b302-11e0-94cf-001320c5ce71}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b69bee36-b302-11e0-94cf-001320c5ce71}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.hta

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/13 11:14:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home.VALPC\Desktop\OTL.exe

[2013/06/13 11:07:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/06/10 16:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/06/10 16:02:17 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Home.VALPC\Desktop\esetsmartinstaller_enu.exe

[2013/06/08 21:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/06/08 21:33:13 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/07 23:00:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home.VALPC\Start Menu\Programs\Administrative Tools

[2013/06/07 22:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home.VALPC\Desktop\V_removal

[2013/06/06 22:01:29 | 000,000,000 | ---D | C] -- C:\P

[2013/06/06 22:01:29 | 000,000,000 | ---D | C] -- C:\Downloads

[2013/06/06 19:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home.VALPC\Start Menu\Programs\TornTV.com

[2013/06/06 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home.VALPC\Desktop\E.T HOMEWORK

[2013/05/28 17:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Media Player - Codec Pack

[2013/05/28 17:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP

[2013/05/28 15:20:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/13 11:13:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home.VALPC\Desktop\OTL.exe

[2013/06/13 11:06:46 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk

[2013/06/13 11:06:45 | 000,000,265 | ---- | M] () -- C:\WINDOWS\lgfwup.ini

[2013/06/13 11:06:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/06/13 11:06:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/13 11:04:56 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2013/06/13 10:41:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/13 10:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/06/13 06:51:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/06/13 06:45:22 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/06/13 06:45:22 | 000,076,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/06/13 06:40:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/06/12 21:16:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk

[2013/06/11 19:50:21 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\My Documents\spider.sav

[2013/06/11 16:32:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\My Documents\my folder.pst

[2013/06/11 16:32:28 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\My Documents\archive.pst

[2013/06/11 11:40:31 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\Start Menu\Programs\Startup\_uninst_37597791.lnk

[2013/06/11 11:18:42 | 172,286,960 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\Desktop\setup_11.0.0.1245.x01_2013_06_11_17_01.exe

[2013/06/10 16:02:29 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Home.VALPC\Desktop\esetsmartinstaller_enu.exe

[2013/06/08 21:52:23 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\Desktop\AdwCleaner.exe

[2013/06/05 12:16:54 | 000,001,128 | -H-- | M] () -- C:\Documents and Settings\Home.VALPC\My Documents\Default.rdp

[2013/05/28 17:42:39 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/05/28 17:26:24 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk

[2013/05/28 17:05:29 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Home.VALPC\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2013/05/28 16:49:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2013/05/28 16:49:01 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2013/05/28 16:44:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/05/28 16:42:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/11 11:40:31 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Home.VALPC\Start Menu\Programs\Startup\_uninst_37597791.lnk

[2013/06/11 11:37:05 | 172,286,960 | ---- | C] () -- C:\Documents and Settings\Home.VALPC\Desktop\setup_11.0.0.1245.x01_2013_06_11_17_01.exe

[2013/06/09 22:59:06 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\Home.VALPC\Desktop\AdwCleaner.exe

[2013/05/28 17:26:24 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk

[2013/04/16 06:35:04 | 003,915,776 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll

[2013/04/16 06:33:50 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2013/04/16 06:32:28 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2013/04/16 06:32:24 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2013/04/16 06:32:18 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2013/04/16 06:32:16 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2013/04/16 06:32:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2013/04/16 06:32:14 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2013/04/16 06:32:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2013/04/16 06:32:10 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2013/04/13 08:23:50 | 007,788,672 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-55.dll

[2013/04/13 08:23:50 | 007,788,672 | ---- | C] () -- C:\WINDOWS\System32\avcodec-53.dll

[2013/04/13 08:23:50 | 001,300,152 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-55.dll

[2013/04/13 08:23:50 | 000,400,592 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll

[2013/04/13 08:23:50 | 000,272,192 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-52.dll

[2013/04/13 08:23:50 | 000,272,192 | ---- | C] () -- C:\WINDOWS\System32\avutil-51.dll

[2013/04/13 08:23:50 | 000,194,632 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-3.dll

[2013/04/13 08:23:50 | 000,172,728 | ---- | C] () -- C:\WINDOWS\System32\avresample-lav-1.dll

[2013/02/19 07:54:19 | 000,012,066 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini

[2013/02/04 19:56:47 | 000,060,864 | ---- | C] () -- C:\Documents and Settings\Home.VALPC\g2mdlhlpx.exe

[2012/12/10 22:33:15 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Home.VALPC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/27 22:47:48 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2012/11/22 03:08:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2012/11/22 02:41:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/11/22 02:33:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/11/21 22:23:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/11/21 22:21:55 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/09/29 18:47:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini

[2012/06/17 17:15:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe

[2012/06/17 17:14:58 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe

[2012/06/17 17:14:42 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll

[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll

[2011/09/24 20:39:23 | 000,074,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe

[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe

[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe

[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2011/06/23 23:58:32 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/06/23 23:58:04 | 000,877,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

========== ZeroAccess Check ==========

[2013/01/01 02:24:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/24 20:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allmyapps

[2012/11/13 23:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon

[2010/11/21 19:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2012/11/27 22:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp

[2012/08/23 17:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\.minecraft

[2012/08/03 17:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/11/13 23:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Memeo

[2012/11/13 23:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Seagate

[2012/11/01 01:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Softland

[2012/10/23 00:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Uniblue

[2012/04/13 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Unity

[2013/02/09 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home.VALPC\Application Data\AnvSoft

[2012/12/11 22:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home.VALPC\Application Data\Machete Lite

[2013/02/25 19:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home.VALPC\Application Data\Project Viewer 2010 SP2

[2013/02/26 20:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home.VALPC\Application Data\Samsung

[2012/11/23 02:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home.VALPC\Application Data\WinPatrol

[2012/11/13 23:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate

[2012/11/01 01:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland

[2013/01/01 02:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Samsung

[2012/09/05 13:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\.mono

[2012/11/14 19:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Memeo

[2012/10/08 21:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Pokémon Trading Card Game Online

[2012/11/14 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Seagate

[2011/08/03 18:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Unity

[2013/05/14 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew.VALPC\Application Data\Unity

[2012/12/08 18:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew.VALPC\Application Data\WinPatrol

[2012/09/05 09:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\.minecraft

[2012/11/15 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Memeo

[2012/11/15 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Seagate

[2013/01/31 18:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul.VALPC\Application Data\WinPatrol

[2012/11/15 06:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudolph\Application Data\Memeo

[2012/11/15 06:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudolph\Application Data\Seagate

[2012/12/11 23:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudolph.VALPC\Application Data\Machete Lite

[2012/11/23 06:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudolph.VALPC\Application Data\WinPatrol

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 6/13/2013 11:15:42 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home.VALPC\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 44.49% Memory free

2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.30% Paging File free

Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.46 Gb Total Space | 1.56 Gb Free Space | 2.18% Space Free | Partition Type: NTFS

Computer Name: VALPC | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"54010:TCP" = 54010:TCP:*:Enabled:Samsung AllShare SlideShow Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"D:\EasySetupAssistant\wr741n\EasySetupAssistant.exe" = D:\EasySetupAssistant\wr741n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)

"C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe" = C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe:*:Enabled:Samsung AllShare Service -- (Samsung Electronics Co., Ltd.)

"C:\Program Files\Samsung\AllShare\AllShare.exe" = C:\Program Files\Samsung\AllShare\AllShare.exe:*:Enabled:Samsung AllShare Player -- (Samsung Electronics Co., Ltd.)

"C:\Program Files\Samsung\AllShare\AllShareAgent.exe" = C:\Program Files\Samsung\AllShare\AllShareAgent.exe:*:Enabled:Samsung AllShare Agent -- (Samsung Electronics Co., Ltd.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)

"{AC7E7CBF-805B-430C-A839-BB611EA8635B}" = Project Viewer 2010 SP2

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup

"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare

"{E84D1C9D-6669-4156-992B-17557D64F1D3}" = Microsoft Office Communicator 2007 R2

"{F05CE84D-4C4C-4EA7-840B-BAB0C72B60E2}" = Machete Lite 3.8

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"7-Zip" = 7-Zip 9.22beta

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"Google Chrome Frame" = Google Chrome Frame

"ie8" = Windows Internet Explorer 8

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint

"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Media Player - Codec Pack" = Media Player Codec Pack 4.2.7

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"PROSet" = Intel® PRO Network Adapters and Drivers

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1409082233-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 5.4.0.1083

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/8/2013 9:37:55 PM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/8/2013 9:57:52 PM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/9/2013 11:16:20 AM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/9/2013 9:32:26 PM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/9/2013 11:08:03 PM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/10/2013 3:41:52 PM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/11/2013 10:49:53 AM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/12/2013 10:47:07 AM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/12/2013 6:53:25 PM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 6/13/2013 6:42:15 AM | Computer Name = VALPC | Source = SamsungAllShareV2.0 | ID = 0

Description = Service cannot be started. System.Runtime.InteropServices.COMException

(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:

0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32

errorCode) at System.Management.ManagementScope.InitializeGuts(Object o) at

System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize()

at System.Management.ManagementEventWatcher.Start() at AllShareDmsUtil.Manager.AllShareDmsManager.InitEventWatcher()

at AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() at AllShareDmsUtil.Manager.AllShareDmsManager..ctor()

at AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() at AllShareDMS.AllShareDMS.DoStart()

at AllShareDMS.AllShareDMS.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

[ OSession Events ]

Error - 2/3/2013 10:31:19 AM | Computer Name = VALPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/24/2013 4:43:12 PM | Computer Name = VALPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 6/8/2013 8:44:49 PM | Computer Name = VALPC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.5 for the Network Card with network

address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/8/2013 9:40:16 PM | Computer Name = VALPC | Source = Service Control Manager | ID = 7034

Description = The Skype Updater service terminated unexpectedly. It has done this

1 time(s).

Error - 6/9/2013 11:14:54 AM | Computer Name = VALPC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/9/2013 9:31:08 PM | Computer Name = VALPC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.3 for the Network Card with network

address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/9/2013 9:33:51 PM | Computer Name = VALPC | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 6/10/2013 3:40:22 PM | Computer Name = VALPC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

address 001320C5CE71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/10/2013 3:42:22 PM | Computer Name = VALPC | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

Error - 6/12/2013 10:45:52 AM | Computer Name = VALPC | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 6/12/2013 10:47:10 AM | Computer Name = VALPC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

IntelIde

Error - 6/12/2013 10:49:53 AM | Computer Name = VALPC | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

< End of report >

Regards


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2013/06/06 19:14:03 | 000,213,470 | ---- | M] () (No name found) -- C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Firefox\Profiles\22xopynb.default\extensions\torntv2@torntv.com.xpi
    [2013/06/06 19:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home.VALPC\Start Menu\Programs\TornTV.com
    [2010/11/21 19:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


I applied the updates to OTL and it appears to run, then all the icons disappear from the desktop and nothing else happens. The PC has been like that for over 2 hours; should I reboot and look for the text file? (I'm using my laptop.)


I haven't run ComboFix before for this problem, I was using OTL (question: do I need to disable the internet connection and Microsoft Essentials before running OTL?).

For ComboFix are there any specific fix updates that need to be applied?

Regards

Badpc


Hi Maniac

Ran OTL in Safe Mode with no issues, here are the results:

All processes killed
========== OTL ==========
C:\Documents and Settings\Home.VALPC\Application Data\Mozilla\Firefox\Profiles\22xopynb.default\extensions\torntv2@torntv.com.xpi moved successfully.
C:\Documents and Settings\Home.VALPC\Start Menu\Programs\TornTV.com folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\sounds\stream folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\sounds folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\puzzles folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images\upsell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images\mainmenubkg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images\backdrops folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PopCap folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Home.VALPC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Home.VALPC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->FireFox cache emptied: 3374531 bytes
->Flash cache emptied: 321 bytes
 
User: Administrator.VALPC
->Temp folder emptied: 12296 bytes
->Temporary Internet Files folder emptied: 26709912 bytes
 
User: ADMINI~1~VAL
 
User: All Users
 
User: All Users.WINDOWS
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Home
->Temp folder emptied: 5431336 bytes
->Temporary Internet Files folder emptied: 39168659 bytes
->FireFox cache emptied: 231299062 bytes
->Google Chrome cache emptied: 218084037 bytes
->Flash cache emptied: 44071 bytes
 
User: Home.VALPC
->Temp folder emptied: 662635314 bytes
->Temporary Internet Files folder emptied: 62767598 bytes
->FireFox cache emptied: 281810112 bytes
->Google Chrome cache emptied: 150956080 bytes
->Flash cache emptied: 2000 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 66097 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Matthew
->Temp folder emptied: 42012 bytes
->Temporary Internet Files folder emptied: 73289942 bytes
->FireFox cache emptied: 636496157 bytes
->Flash cache emptied: 81418 bytes
 
User: Matthew.VALPC
->Temp folder emptied: 38927219 bytes
->Temporary Internet Files folder emptied: 250905725 bytes
->Google Chrome cache emptied: 7739360 bytes
->Flash cache emptied: 136802 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 2301836 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Paul
->Temp folder emptied: 258693 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->FireFox cache emptied: 688897181 bytes
->Flash cache emptied: 63218 bytes
 
User: Paul.VALPC
->Temp folder emptied: 8842468 bytes
->Temporary Internet Files folder emptied: 540143933 bytes
->FireFox cache emptied: 8914510 bytes
->Google Chrome cache emptied: 43810035 bytes
->Flash cache emptied: 74019 bytes
 
User: Rudolph
->Temp folder emptied: 160044 bytes
->Temporary Internet Files folder emptied: 59254997 bytes
->FireFox cache emptied: 659487332 bytes
->Flash cache emptied: 10610175 bytes
 
User: Rudolph.VALPC
->Temp folder emptied: 50416830 bytes
->Temporary Internet Files folder emptied: 1477939314 bytes
->Google Chrome cache emptied: 132980660 bytes
->Flash cache emptied: 522339 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 19068945 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40757201 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 146941794 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 38364372 bytes
 
Total Files Cleaned = 6,316.00 mb
 
Unable to start System Restore Service. Error code 10
 
OTL by OldTimer - Version 3.2.69.0 log created on 06202013_080459
 
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\9YCTBBAU\ore_core.config_core.io_core.json_core.legacy_core.log_core.prefs_core.util_globals_l10n-en-GB_opensocial-data_rpc_shindig.auth_yahoo.credits_yahoo.internal.urlrewrite_yahoo.l10n[1] not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Regards
 
Badpc

This topic is now closed to further replies.