Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech Forums - Register now for FREE

We're your place for tech questions. Join 87501 others, and join the conversation. Ask questions. Find answers. Share your ideas and opinions. Browse our community. You'll find experts who enjoy helping others. Who explain technical issues in a non-technical way that anyone can understand. Create an account today (it's 100% free)!

Create an Account Login to Account


Photo

Infected with XP defender plus 2013 (Solved)


  • This topic is locked This topic is locked
17 replies to this topic

#1 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 23 February 2013 - 08:36 PM

Infected with XP Defender Plus 2013. Managed to find an activation key that at least gave me control of the computer back.
I need help cleaning up this machine. It is responding very slowly, I imagine there are several issues.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:14 PM, on 2/23/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gayle Perry\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3239904
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
R3 - URLSearchHook: SocialSearchBar_App Toolbar - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SocialSearchBar_App - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SocialSearchBar_App Toolbar - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15753 bytes

#2 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 24 February 2013 - 01:37 AM

Hi and Welcome!! sLeven7 :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please be adviced, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.


IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

#3 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 24 February 2013 - 08:56 AM

I'm ready to follow your instructions :) Another symtom developed this morning. Now when I try to open Chrome I get this error message: The parameter is incorrect. and Chrome fails to open.

Edited by sLeven7, 24 February 2013 - 09:06 AM.


#4 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 24 February 2013 - 09:36 AM

Hi sLeven7 ;)

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========================================

Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

=============================== Next =======================================


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

On your next reply please post :
  • Checkup.txt
  • OTL.txt
  • Extras.txt
  • aswMBR log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

#5 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 24 February 2013 - 12:50 PM

Checkup.txt

Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 17
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




OTL logfile created on: 2/24/2013 1:33:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gayle Perry\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 378.74 Mb Available Physical Memory | 37.34% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 59.25 Gb Free Space | 63.60% Space Free | Partition Type: NTFS
Drive D: | 1.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GAYLE | User Name: Gayle Perry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gayle Perry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()


========== Services (SafeList) ==========

SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (NCUpdateSvc) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)


========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\GAYLEP~1\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (V0230VID) -- C:\WINDOWS\system32\drivers\V0230VID.sys (Creative Technology Ltd.)
DRV - (V0230Vfx) -- C:\WINDOWS\system32\drivers\V0230Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.99searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3239904
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\..\SearchScopes\{14D166C7-3F4D-4261-A3C1-7117FFEB4668}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{2D37E082-6FB8-4CC1-9B09-7B6570FA76C3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{33F025C6-193B-4E50-A2A3-AAC77F3985FE}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{97811D0C-8BEE-4B63-933C-A2A837E994E3}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT3239904
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....amp;fr=chr-tyc8
IE - HKCU\..\SearchScopes\{F4FC0811-AB17-4759-9E77-BA12542D28F3}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FE190563-3211-40AE-A99A-5B3386B655D0}: "URL" = http://www.google.co...amp;rlz=1I7HPID
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/02 09:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/21 20:14:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com: C:\Program Files\UnfriendApp\Firefox\ [2013/01/23 20:35:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://search.imesh.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{g
oogle:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.imesh.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: UnfriendApp = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.65263_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll (UnfriendApp)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SocialSearchBar_App Toolbar) - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SocialSearchBar_App Toolbar) - {2421D847-721C-404F-87B4-BBD2B95D1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A998300-9DC8-42E4-8824-68041F057F79}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862FA24B-CAFC-44E9-806B-FDF4317F6B0F}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = QW] -- "C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe" -a "%1" %* ()
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/24 12:57:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gayle Perry\Desktop\aswMBR.exe
[2013/02/24 12:47:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gayle Perry\Desktop\OTL.exe
[2013/02/23 21:24:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Gayle Perry\Desktop\HiJackThis.exe
[2013/02/23 21:00:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gayle Perry\Recent
[2013/02/07 18:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gayle Perry\My Documents\RealPlayer Downloads
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/24 13:34:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2013/02/24 13:28:26 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\Gayle Perry\Desktop\MBR.zip
[2013/02/24 13:26:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gayle Perry\Desktop\MBR.dat
[2013/02/24 13:23:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/02/24 12:57:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gayle Perry\Desktop\aswMBR.exe
[2013/02/24 12:47:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gayle Perry\Desktop\OTL.exe
[2013/02/24 12:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 12:38:40 | 000,881,935 | ---- | M] () -- C:\Documents and Settings\Gayle Perry\Desktop\SecurityCheck.exe
[2013/02/24 12:27:55 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/24 12:27:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/24 12:27:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/24 12:27:22 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/24 12:27:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/24 12:27:12 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/24 09:35:19 | 000,015,346 | -HS- | M] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\6o4v7yr6ikfw18072u
[2013/02/24 09:35:19 | 000,015,346 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
[2013/02/23 21:57:26 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/23 21:25:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Gayle Perry\Desktop\HiJackThis.exe
[2013/02/23 21:09:08 | 000,232,902 | ---- | M] () -- C:\Documents and Settings\Gayle Perry\My Documents\cc_20130223_210855.reg
[2013/02/23 20:52:46 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/23 20:15:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/22 20:22:21 | 000,242,688 | ---- | M] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe
[2013/02/21 20:06:43 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/07 18:56:51 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/05 21:14:27 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/02/02 23:26:56 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Gayle Perry\My Documents\spider.sav
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/24 13:28:26 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Desktop\MBR.zip
[2013/02/24 13:26:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Desktop\MBR.dat
[2013/02/24 12:38:39 | 000,881,935 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Desktop\SecurityCheck.exe
[2013/02/23 21:09:01 | 000,232,902 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\My Documents\cc_20130223_210855.reg
[2013/02/23 20:06:58 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/22 20:22:26 | 000,015,346 | -HS- | C] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\6o4v7yr6ikfw18072u
[2013/02/22 20:22:26 | 000,015,346 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
[2013/02/22 20:22:21 | 000,242,688 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe
[2013/02/07 19:03:18 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/07 18:57:10 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/07 18:57:09 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2013/02/07 18:56:50 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
[2007/08/05 17:40:53 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/03 20:04:35 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/29 14:13:37 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Application Data\ViewerApp.dat
[2005/07/25 03:32:49 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\Application Data\wklnhst.dat
[2005/07/25 03:21:46 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Gayle Perry\secedit.INTEG.RAW

========== ZeroAccess Check ==========

[2004/08/07 08:09:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/10/23 10:34:22 | 001,497,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/28 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\171C5
[2011/07/22 21:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2007/02/24 19:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/07/22 21:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2008/10/02 16:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/04/18 14:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2005/12/07 19:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2013/01/09 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/15 17:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/07/22 21:14:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0ACE0403-C75D-488C-A403-7A57E9848B62}
[2010/04/20 06:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 17:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 17:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/22 21:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\imeshbandmltbpi
[2005/08/11 16:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\InterVideo
[2008/11/28 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\iWin
[2005/08/14 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\Leadertech
[2012/02/21 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\mediabarim
[2012/09/18 20:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\OpenOffice.org
[2009/08/14 08:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\SpinTop
[2005/07/25 03:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/11/13 15:06:53 | 000,260,608 | ---- | M] () -- C:\bejewel_patch.exe
[2005/08/21 08:45:56 | 001,008,608 | ---- | M] (Microsoft Corp.) -- C:\Pandora10a.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\system32\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2004/08/04 03:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: TOSHIBA MK1031GAS
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 93.00GB
Starting Offset: 32256
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B97C9F84
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00D439
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3597A698
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACFF27B
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6

< End of report >

OTL Extras logfile created on: 2/24/2013 1:33:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gayle Perry\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 378.74 Mb Available Physical Memory | 37.34% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 59.25 Gb Free Space | 63.60% Space Free | Partition Type: NTFS
Drive D: | 1.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GAYLE | User Name: Gayle Perry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = QW] -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe ()
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\att-nap\McciBrowser.exe" = C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D3543CC-82B3-447E-B7D5-430C41946A54}" = Hoyle Puzzle Games 2003
"{5F5FA055-84C1-459B-B0B6-D48D210AE50A}" = Hoyle Casino 2003
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{EE35B247-F872-4FFD-BCD1-1970C7E86C84}" = GPS Image Tracker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Video FX Engine" = Advanced Video FX Engine
"Alchemy and Bejeweled Pack" = Alchemy and Bejeweled Pack
"Bejeweled 2" = Bejeweled 2
"blstoolbar" = BellSouth Toolbar 2.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Video IM Pro User's Guide English" = Creative Live! Cam Video IM Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.00.07.0725)
"Defraggler" = Defraggler
"Dynasty" = Dynasty (remove only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Free Pandora" = Free Pandora 1.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hoyle Board Games 3" = Hoyle Board Games 3
"Hoyle Card Games 4" = Hoyle Card Games 4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{5D3543CC-82B3-447E-B7D5-430C41946A54}" = Hoyle Puzzle Games 2003
"InstallShield_{5F5FA055-84C1-459B-B0B6-D48D210AE50A}" = Hoyle Casino 2003
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"Jewel Quest" = Jewel Quest
"Jewel Quest® II" = Jewel Quest® II
"Jewel Quest® III" = Jewel Quest® III
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Luxor" = Luxor
"Luxor - Amun Rising" = Luxor - Amun Rising (remove only)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pandora's Box 1.0" = Microsoft Pandora's Box
"Puzzle Inlay" = Puzzle Inlay
"RealPlayer 16.0" = RealPlayer
"SCRABBLE" = SCRABBLE
"SightSpeed" = SightSpeed (remove only)
"SocialSearchBar_App Toolbar" = SocialSearchBar_App Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"The Weather Channel App" = The Weather Channel App
"UnfriendApp" = UnfriendApp
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XLS Converter_is1" = XLS Converter 1.5.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2013 10:58:08 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/20/2013 10:58:09 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16594

Error - 2/20/2013 10:58:09 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16594

Error - 2/21/2013 9:15:06 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2013 9:15:06 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16047

Error - 2/21/2013 9:15:06 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16047

Error - 2/22/2013 9:16:18 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/22/2013 9:16:18 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 86488359

Error - 2/22/2013 9:16:18 PM | Computer Name = GAYLE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 86488359

Error - 2/23/2013 9:47:37 PM | Computer Name = GAYLE | Source = Application Error | ID = 1000
Description = Faulting application reimagerepair.exe, version 1.2.6.1, faulting
module unknown, version 0.0.0.0, fault address 0x010233e7.

[ System Events ]
Error - 2/23/2013 9:09:33 PM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 2/23/2013 9:14:04 PM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 2/23/2013 9:52:41 PM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WebClient service to
connect.

Error - 2/23/2013 9:52:42 PM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1053

Error - 2/23/2013 9:57:29 PM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 2/24/2013 12:56:18 AM | Computer Name = GAYLE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.5 on
the Network Card with network address 0012F06D9E1C.

Error - 2/24/2013 10:46:37 AM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 2/24/2013 11:43:26 AM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 2/24/2013 12:38:12 PM | Computer Name = GAYLE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.5 on
the Network Card with network address 0012F06D9E1C.

Error - 2/24/2013 1:32:47 PM | Computer Name = GAYLE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-24 13:02:14
-----------------------------
13:02:14.343 OS Version: Windows 5.1.2600 Service Pack 2
13:02:14.343 Number of processors: 1 586 0xD08
13:02:14.343 ComputerName: GAYLE UserName:
13:02:14.828 Initialize success
13:08:38.046 AVAST engine defs: 13022400
13:10:14.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:10:14.796 Disk 0 Vendor: TOSHIBA_MK1031GAS AA204C Size: 95396MB BusType: 3
13:10:14.828 Disk 0 MBR read successfully
13:10:14.843 Disk 0 MBR scan
13:10:14.953 Disk 0 unknown MBR code
13:10:14.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95385 MB offset 63
13:10:14.968 Disk 0 scanning sectors +195350400
13:10:15.078 Disk 0 scanning C:\WINDOWS\system32\drivers
13:10:31.843 Service scanning
13:11:07.468 Modules scanning
13:12:05.578 Disk 0 trace - called modules:
13:12:05.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:12:05.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f44ab8]
13:12:06.218 3 CLASSPNP.SYS[f761d05b] -> nt!IofCallDriver -> \Device\00000079[0x86f57778]
13:12:06.234 5 ACPI.sys[f7493620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86fa7d98]
13:12:07.578 AVAST engine scan C:\WINDOWS
13:12:15.062 AVAST engine scan C:\WINDOWS\system32
13:14:57.359 AVAST engine scan C:\WINDOWS\system32\drivers
13:15:18.375 AVAST engine scan C:\Documents and Settings\Gayle Perry
13:23:51.234 AVAST engine scan C:\Documents and Settings\All Users
13:26:06.281 Scan finished successfully
13:26:44.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gayle Perry\Desktop\MBR.dat"
13:26:44.656 The log file has been saved successfully to "C:\Documents and Settings\Gayle Perry\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   490bytes   94 downloads


#6 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 25 February 2013 - 02:49 PM

Hi sLeven7 ;)

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&a...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.99searchengines.com/?op [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3239904
    IE - HKCU\..\URLSearchHook: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files\SocialSearchBar_App\prxtbSoc0.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...amp;Form=IE8SRC
    IE - HKCU\..\SearchScopes\{2D37E082-6FB8-4CC1-9B09-7B6570FA76C3}: "URL" = http://rover.ebay.com/rover/1/711-43047-14...e={searchTerms}
    IE - HKCU\..\SearchScopes\{33F025C6-193B-4E50-A2A3-AAC77F3985FE}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Y7xK1VO...q={searchTerms}
    IE - HKCU\..\SearchScopes\{97811D0C-8BEE-4B63-933C-A2A837E994E3}: "URL" = http://www.dealio.com/products.html?kwd={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&a...q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3239904
    CHR - homepage: http://search.imesh.com/
    O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
    O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll (UnfriendApp)
    O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
    O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
    [2013/02/24 09:35:19 | 000,015,346 | -HS- | M] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\6o4v7yr6ikfw18072u
    [2013/02/24 09:35:19 | 000,015,346 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
    [2013/02/22 20:22:26 | 000,015,346 | -HS- | C] () -- C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\6o4v7yr6ikfw18072u
    [2013/02/22 20:22:26 | 000,015,346 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
    [2011/07/22 21:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
    [2011/07/22 21:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gayle Perry\Application Data\imeshbandmltbpi
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [EMPTYFLASH]
    [REBOOT]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.

=============================== Next =======================================



AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=============================== Next =======================================

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.



On your next reply please post :
  • OTL log after fix
  • AdwCleaner log
  • JRT report
  • RogueKiller report

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

#7 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 25 February 2013 - 04:30 PM

Thanks for the help Robybel.

I should have told you this in the previous post but forgot. I can only run .exe files by right clicking and using 'Run As', if I double click on the icon it either does nothing or it returns the following message:

The parameter is incorrect

I ran OTL using the 'Run As', pasted the instructions in and ran, 'Run Fix'
It as to reboot, when OTL started I hit run only to get the, 'The parameter is incorrect'
When I tried to restart it using 'Run As' it returned the following error message:

Error creating log file

OTL will not run now, it keeps saying, 'Error creating log file'

The other three programs ran with no problems, here are the reports:

# AdwCleaner v2.113 - Logfile created 02/25/2013 at 17:02:20
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Gayle Perry - GAYLE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gayle Perry\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Gayle Perry\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Gayle Perry\Application Data\mediabarim
Folder Deleted : C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\SocialSearchBar_App
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\iMesh Applications\Mediabar
Folder Deleted : C:\Program Files\SocialSearchBar_App

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2421D847-721C-404F-87B4-BBD2B95D1087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2421D847-721C-404F-87B4-BBD2B95D1087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E35B874C-B20C-4C4F-A656-525AE9218388}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SocialSearchBar_App
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E35B874C-B20C-4C4F-A656-525AE9218388}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{124FDF10-3D39-455C-A655-8493BAA8F3A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84B273D1-6E53-426A-BBC1-41029F54B186}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SocialSearchBar_App Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2421D847-721C-404F-87B4-BBD2B95D1087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E35B874C-B20C-4C4F-A656-525AE9218388}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SocialSearchBar_App Toolbar
Key Deleted : HKLM\Software\SocialSearchBar_App
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2421D847-721C-404F-87B4-BBD2B95D1087}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2421D847-721C-404F-87B4-BBD2B95D1087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://search.imesh.com/",
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.imesh.com/", "hxxp://www.99searchengines.com[...]
Deleted [l.1679] : homepage = "hxxp://search.imesh.com/",
Deleted [l.1997] : urls_to_restore_on_startup = [ "hxxp://search.imesh.com/", "hxxp://www.99searchengines.com/?o[...]

*************************

AdwCleaner[S1].txt - [10358 octets] - [25/02/2013 17:02:20]

########## EOF - C:\AdwCleaner[S1].txt - [10419 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Gayle Perry on Mon 02/25/2013 at 17:07:49.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Gayle Perry\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\imesh applications"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/25/2013 at 17:13:26.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Gayle Perry [Admin rights]
Mode : Scan -- Date : 02/25/2013 17:19:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELLSPWN] HKCU\[...]\command : ("C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe" -a "%1" %*) -> FOUND
[SHELLSPWN] HKUS\S-1-5-21-43951139-821738831-4022988679-1005[...]\command : ("C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe" -a "%1" %*) -> FOUND
[SHELLSPWN] HKCR\[...]\command : ("C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe : (QW) -> FOUND
[FILEASSO] HKCU\[...]\.exe : (QW) -> FOUND
[FILEASSO] HKUS\S-1-5-21-43951139-821738831-4022988679-1005[...]\.exe : (QW) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") [-] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

˙ţ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1031GAS +++++
--- User ---
[MBR] 290d72a0aead2ea3e54b6bde74035594
[BSP] a38db434fd2429542f6455ae0b5f665e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95385 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02252013_02d1719.txt >>
RKreport[1]_S_02252013_02d1719.txt

#8 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 26 February 2013 - 12:21 PM

Hi sLeven7 ;)

Please read through these instructions to familarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#9 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 26 February 2013 - 01:07 PM

ComboFix 13-02-26.01 - Gayle Perry 02/26/2013 13:46:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.696 [GMT -5:00]
Running from: c:\documents and settings\Gayle Perry\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\3B00D439.TMP
c:\documents and settings\Gayle Perry\Local Settings\Application Data\ffd.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-25 22:07 . 2013-02-25 22:07 -------- d-----w- c:\windows\ERUNT
2013-02-25 22:07 . 2013-02-25 22:07 -------- d-----w- C:\JRT
2013-02-25 21:27 . 2013-02-25 21:27 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn7\yt.dll" [2012-11-26 1525088]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-07 149280]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-8-25 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-25 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gayle Perry^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\documents and settings\Gayle Perry\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gayle Perry^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Gayle Perry\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-17 01:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
2006-06-09 06:11 24576 ------w- c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2002-09-11 01:26 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 08:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-27 22:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 03:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 13:50 19968 ------w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-18 22:25 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-11-29 00:51 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-22 01:13 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/28/2006 8:59 AM 30192]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [1/13/2007 2:58 PM 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [1/13/2007 2:58 PM 498464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-24 02:51 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2013-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 00:53]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 14:41]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 14:41]
.
2013-02-07 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 01:33]
.
2013-02-26 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-43951139-821738831-4022988679-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31]
.
2013-02-22 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31]
.
2013-02-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-43951139-821738831-4022988679-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
2013-02-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-43951139-821738831-4022988679-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
AddRemove-Pandora's Box 1.0 - c:\program files\Microsoft Games\Pandora's Box\setup
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 13:56
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ?,?B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3292)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Netscape Internet Service\ncupdatesvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HPQ\SHARED\HPQWMI.exe
.
**************************************************************************
.
Completion time: 2013-02-26 14:01:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-26 19:01
.
Pre-Run: 63,757,160,448 bytes free
Post-Run: 64,270,508,032 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 59DB801091A0DEB10E5D1D03BC97AA00

#10 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 27 February 2013 - 05:51 AM

Hi sLeven7 ;)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=============================== Next =======================================



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image

Please let me know how your machine is running and if there are any outstanding issues


On your next reply please post :
  • MBAM log
  • Eset report

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

#11 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 27 February 2013 - 01:47 PM

As far as I can tell I have control over the computer again, thank you. Here are the reports: Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.27.09 Windows XP Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18702 Gayle Perry :: GAYLE [administrator] Protection: Enabled 2/27/2013 12:23:27 PM mbam-log-2013-02-27 (12-23-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221006 Time elapsed: 6 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.27.09 Windows XP Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18702 Gayle Perry :: GAYLE [administrator] Protection: Enabled 2/27/2013 12:23:27 PM mbam-log-2013-02-27 (12-23-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221006 Time elapsed: 6 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) C:\Qoobox\Quarantine\C\Documents and Settings\Gayle Perry\Local Settings\Application Data\ffd.exe.vir a variant of Win32/Kryptik.AVCB trojan C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP483\A0125560.exe a variant of Win32/Kryptik.AVCB trojan

#12 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 27 February 2013 - 11:33 PM

Hi sLeven7 ;)

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

#13 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 28 February 2013 - 05:52 AM

Thank you Robybel so much for helping me clean this machine up. In addition to resetting the system restore, I have, Updated to SP3 Installed all the security updates Installed Microsoft Essentials for the anti-virus Installed Wise Care 365 for daily cleaning and optimization Is there anything I haven't addressed in keeping it protected and clean?

#14 sLeven7

sLeven7

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 28 February 2013 - 05:53 AM

Thank you Robybel so much for helping me clean this machine up. In addition to resetting the system restore, I have, Updated to SP3 Installed all the security updates Installed Microsoft Essentials for the anti-virus Installed Wise Care 365 for daily cleaning and optimization Is there anything I haven't addressed in keeping it protected and clean?

#15 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 28 February 2013 - 12:13 PM

Hi sLeven7 ;)

Very good job :)

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :)

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

    Posted Image


Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Unistall AdwCleaner

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site http://java.com/en/ and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if there are - remove them.


Java is very easily exploited these days and it's a good idea to disable Java in the browser

Please read here


Adobe Update to the latest version

On your computer exist an old version of Adobe products:

Adobe reader 9
Adobe Flash Player 10
  • Please go to this page, http://www.adobe.com...nloads/updates/
  • In Find product updates, scroll down the menu until you find the product you want to update.
  • Select it and click go.
  • At this point you will be directed to the update page, scroll down until you Updates/Programs and select the latest version of the product.
  • It will be 'directed to the download page, and then click proceed to download and follow the instructions.
  • Follow these steps for all products that require upgrade.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free


5.SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.



Similar Topics: Infected with XP defender plus 2013 (Solved)     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users