Chrome can not access internet


This topic is locked
7 replies to this topic

#1 Makofan (Authentic Member, 94 posts)

Posted 10 November 2012 - 10:41 AM

Problem: Chrome cannot access the internet. Removed it, then went to reinstall, and the Chrome Installer cannot access the internet either.

The story: Last night, I was trying to speed up an old laptop, so I went into MSCONFIG and disabled on Startup most non-Microsoft tools. This morning, Chrome could not access the internet (I tried both google.ca and facebook.com). I reloaded MSCONFIG and set it back to defaults, rebooted, but have the same problem.

I tried Internet Explorer, and it worked. I checked Chrome settings for a proxy, but there was none set. I then uninstalled Chrome, and tried to reinstall, but the installer could not connect to the internet. I tried renaming the directories in Users\App Data\Google so it could recreate them, but no luck.

At this point I suspected a virus attached to Chrome, downloaded OTL and did a scan. Here are the logs. (PS - this is not a work computer, although it started out that way a long time ago - it was retired about 5 years ago).

OTL

OTL logfile created on: 11/10/2012 10:56:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jhitchen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.33 Mb Total Physical Memory | 251.27 Mb Available Physical Memory | 49.24% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.03% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.34 Gb Total Space | 25.41 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive E: | 7.49 Gb Total Space | 1.91 Gb Free Space | 25.49% Space Free | Partition Type: FAT32

Computer Name: HELEN-LAPTOPXP | User Name: jhitchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jhitchen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (CrypKey License) -- C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (IntelliAdminRC4) -- C:\Program Files\IntelliAdmin4\Agent\Agent32.exe ()
SRV - (IntelliAdminRC3) -- C:\WINDOWS\IntelliAdminRC3\Agent32.exe ()
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys ()
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys (IObit.com)
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
DRV - (RsFx0150) -- C:\WINDOWS\system32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (NetWorkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
DRV - (NxDrv) -- C:\WINDOWS\system32\drivers\NxDrv.sys (SonicWALL Inc.)
DRV - (SSLDrv) -- C:\WINDOWS\system32\drivers\SSLDrv.sys (SonicWALL Inc.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (SEM43XX) -- C:\WINDOWS\system32\drivers\semwl5.SYS (Broadcom Corporation)
DRV - (SEMWModem) -- C:\WINDOWS\system32\drivers\GCXX.sys (Broadcom Corporation)
DRV - (SEMWWNIC) -- C:\WINDOWS\system32\drivers\GCXXNet.sys (Broadcom Corporation)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\GCXXSC.sys (Broadcom Corporation)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (DeviceGuys, Inc.)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: npNELaunch@sonicwall.com:4.0.0.78
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.3.433
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.8
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\jhitchen\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\jhitchen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/25 20:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/25 20:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/31 09:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/25 20:11:37 | 000,000,000 | ---D | M]

[2010/12/18 12:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jhitchen\Application Data\Mozilla\Extensions
[2011/04/26 12:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jhitchen\Application Data\Mozilla\Firefox\Profiles\ewk4c1ve.default\extensions
[2011/01/14 11:15:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jhitchen\Application Data\Mozilla\Firefox\Profiles\ewk4c1ve.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 13:33:25 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\jhitchen\Application Data\Mozilla\Firefox\Profiles\ewk4c1ve.default\extensions\activegs@freetoolsassociation.com
[2010/12/23 17:55:04 | 000,000,000 | ---D | M] (NetExtender Launcher) -- C:\Documents and Settings\jhitchen\Application Data\Mozilla\Firefox\Profiles\ewk4c1ve.default\extensions\npNELaunch@sonicwall.com
[2011/10/23 20:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/30 10:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/23 20:02:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/31 09:46:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/25 20:07:42 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/12/31 09:46:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/31 09:46:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\jhitchen\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\jhitchen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\xChrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\xChrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\xChrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\xChrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/05/27 09:47:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Windows Defender] c:\program files\windows defender\msascui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html File not found
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Value error. File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: ceu ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.ca ([retail] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.co.uk ([retail] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.co.uk ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([barracuda] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([emea] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([imagenet] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([otrs] https in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([printers] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([qcglobal] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([retail] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([sharepoint] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: crabtree-evelyn.com.au ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: ctree.net ([ceu] https in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1292274449669 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1292338430639 (MUWebControl Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://ssl-vpn.crab...yn.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://ssl-vpn.crab...acheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} https://ssl-vpn.crab....1/matn5250.cab (Matn5250 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ctree.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{229DEDE7-1FA9-45BA-9DCE-E936DC02BA69}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{229DEDE7-1FA9-45BA-9DCE-E936DC02BA69}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDCA5D3E-086B-4F59-920A-F0FEB7E3F2FD}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/19 17:55:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 10:54:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jhitchen\Desktop\OTL.exe
[2012/11/10 10:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/11/09 18:18:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/28 13:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/28 13:53:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/28 13:53:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/28 13:53:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/28 13:53:12 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

========== Files - Modified Within 30 Days ==========

[2012/11/10 11:10:12 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-801793170-613679141-314601362-1984UA.job
[2012/11/10 10:54:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhitchen\Desktop\OTL.exe
[2012/11/10 10:36:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/10 10:35:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/11/10 10:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 10:14:28 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/11/10 10:13:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-801793170-613679141-314601362-1984.job
[2012/11/10 10:13:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2012/11/10 10:13:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/11/10 10:13:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/10 10:13:24 | 000,000,453 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2012/11/10 10:12:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/09 19:03:03 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-801793170-613679141-314601362-1984Core.job
[2012/11/09 18:22:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/04 11:04:03 | 000,573,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 11:04:03 | 000,115,184 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/03 21:53:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-801793170-613679141-314601362-1984.job
[2012/10/28 13:52:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/28 13:52:45 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/28 13:52:45 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/28 13:52:45 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/28 13:52:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/28 13:52:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/28 13:52:45 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

========== Files Created - No Company Name ==========

[2012/11/10 10:25:34 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/10 10:25:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 19:19:14 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\jhitchen\g2mdlhlpx.exe
[2011/09/24 12:15:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/09/24 12:14:55 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/09/24 12:14:52 | 000,023,360 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/09/24 12:14:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/08/20 19:01:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/08/20 19:01:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/08/20 19:01:23 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/08/20 18:25:21 | 000,035,685 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/08/20 15:13:13 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/07/10 13:30:57 | 000,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2011/07/10 13:30:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\DLL32.DLL
[2011/07/10 13:30:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dll2kusb.dll
[2011/07/10 13:30:57 | 000,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2011/07/10 13:30:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\USBPRN.DLL
[2011/07/10 13:30:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\UninFolder.dll
[2011/07/10 13:30:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SSTHUNK.DLL
[2011/07/10 13:30:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\NTFAX.EXE
[2011/07/10 13:30:57 | 000,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
[2011/07/10 13:30:57 | 000,011,079 | ---- | C] () -- C:\WINDOWS\LxUsbOpn.dll
[2011/07/10 13:30:57 | 000,002,770 | ---- | C] () -- C:\WINDOWS\SSDS32.INI
[2011/07/10 13:30:57 | 000,002,767 | ---- | C] () -- C:\WINDOWS\SSDEF32.INI
[2011/07/10 13:30:57 | 000,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
[2011/07/10 13:30:57 | 000,002,478 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
[2011/07/10 13:30:57 | 000,002,478 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
[2011/07/10 13:30:57 | 000,002,477 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
[2011/07/10 13:30:57 | 000,002,474 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
[2011/07/10 13:30:57 | 000,002,474 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
[2011/07/10 13:30:57 | 000,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
[2011/07/10 13:30:57 | 000,001,593 | ---- | C] () -- C:\WINDOWS\PORTEX16.DLL
[2011/07/10 13:30:57 | 000,000,272 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2011/06/28 22:04:49 | 000,169,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/16 10:43:43 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/16 10:43:36 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/05/24 10:31:56 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/05/24 10:31:56 | 000,001,208 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/05/14 21:56:07 | 000,000,224 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/04/29 11:11:33 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\jhitchen\.recently-used.xbel
[2011/04/26 12:09:47 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/04/10 17:59:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/06 11:04:52 | 000,000,407 | ---- | C] () -- C:\WINDOWS\MORDOR.INI
[2011/04/06 11:04:43 | 000,002,573 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2011/04/06 11:04:26 | 000,090,702 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2011/04/02 21:03:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/02/22 19:13:08 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\jhitchen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/02 13:48:35 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\jhitchen\Local Settings\Application Data\fusioncache.dat
[2010/12/18 12:38:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/05 11:34:32 | 000,003,942 | RHS- | C] () -- C:\Documents and Settings\jhitchen\ntuser.pol
[2005/01/19 19:02:28 | 000,021,439 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/01/21 12:25:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/20 14:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/04/01 19:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2011/04/08 20:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/12/28 01:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/08/07 21:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Out of the Park Developments
[2011/01/02 12:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/04/21 10:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/04/21 20:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/04/20 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Blackberry Desktop
[2012/01/10 23:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\DAoC Portal
[2010/12/28 01:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Downloaded Installations
[2012/01/11 00:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Electronic Arts
[2010/12/28 01:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Foxit Software
[2011/04/29 11:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\gtk-2.0
[2011/06/23 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\HexWar Launcher
[2011/12/04 10:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\IObit
[2010/12/14 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Leadertech
[2012/04/01 19:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\MyHeritage
[2010/12/28 15:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Nitro PDF
[2012/06/02 23:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Oracle
[2011/08/07 21:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Out of the Park Developments
[2011/05/20 18:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\Research In Motion
[2011/04/21 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhitchen\Application Data\RoboForm

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.DESIGNER.VB >
[2009/12/21 10:28:26 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2009/12/21 10:28:26 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE.000 >
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2012/11/10 10:08:09 | 000,045,248 | ---- | M] () MD5=B5D8B4813192279B515BF3E09D0F5D0F -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.RESX >
[2009/12/21 10:28:26 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx
[2009/12/21 10:28:26 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx

< MD5 for: EXPLORER.SCF >
[2001/08/23 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.VB >
[2009/12/21 10:28:26 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2009/12/21 10:28:26 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb

< MD5 for: EXPLORER.VSTEMPLATE >
[2009/12/21 10:28:26 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate
[2009/12/21 10:28:26 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate

< MD5 for: EXPLORER.ZIP >
[2009/12/21 10:28:28 | 000,024,306 | ---- | M] () MD5=1EFEA00EC1042E059C5602E46DA33421 -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer.zip
[2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/07/17 11:40:18 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2004/07/17 11:40:18 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ServicePackFiles\i386\iexplore.chm
[2006/09/01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2009/06/29 02:25:31 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=02E2754D3E566C11A4934825920C47DD -- C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[2009/04/25 00:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=092A7F2B49A19ECCE5369D3CB2276148 -- C:\WINDOWS\ie7updates\KB972260-IE7\iexplore.exe
[2009/06/29 03:35:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=3CFC56F73D494FC1AA2B6E981DF15ACD -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/02/27 23:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe
[2010/04/16 06:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2009/04/25 00:27:39 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=C0503FD8D163652735C1EE900672A75C -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[2010/04/16 06:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie8\iexplore.exe
[2007/08/13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2004/08/04 00:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2004/08/04 00:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe

< MD5 for: IEXPLORE.EXE.000 >
[2010/04/16 06:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie8\iexplore.exe.000

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007/08/13 17:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2012/11/10 10:23:57 | 000,091,276 | ---- | M] () MD5=61F03D944D8591563F83E8B7AE73C0DB -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2001/08/23 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: SERVICES >
[2001/08/23 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.EXE.000 >
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe.000

< MD5 for: SERVICES.H >
[2011/03/31 14:36:18 | 000,001,008 | ---- | M] () MD5=62DA1F2270CF73E0DA79DD0748D7E36B -- C:\Program Files\MySQL\MySQL Server 5.5\include\mysql\services.h

< MD5 for: SERVICES.INI >
[2011/04/26 23:06:08 | 000,003,453 | ---- | M] () MD5=9972CC995D29D674065E8B2AEBB2F131 -- C:\Program Files\IObit\Advanced SystemCare 4\services.ini

< MD5 for: SERVICES.LNK >
[2011/08/20 14:26:07 | 000,001,602 | ---- | M] () MD5=ED839B415989309AA476612E271F520B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2001/08/23 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2005/01/19 17:55:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/01/19 18:19:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/11/09 18:22:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/01/19 17:55:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/01/19 17:55:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/01/19 17:55:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/01/19 18:12:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/12/14 08:46:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/11/10 10:12:50 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/12/22 12:08:27 | 000,000,557 | ---- | M] () -- C:\Pltfrm2.ini
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/01/19 17:54:57 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/11/21 09:14:00 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\jhitchen\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/01/19 11:27:10 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/01/19 11:27:10 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/01/19 11:27:10 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/12/14 09:00:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/11/05 11:34:56 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\jhitchen\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/11/05 11:34:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jhitchen\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/11/10 10:54:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhitchen\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 3
"ScheduledInstallDay" = 7
"ScheduledInstallTime" = 16
"NoAutoRebootWithLoggedOnUsers" = 1
"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-14 17:04:14

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences

< End of report >



#2 Makofan

Authentic Member
94 posts

Posted 10 November 2012 - 10:42 AM

EXTRAS

OTL Extras logfile created on: 11/10/2012 10:56:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jhitchen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.33 Mb Total Physical Memory | 251.27 Mb Available Physical Memory | 49.24% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.03% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.34 Gb Total Space | 25.41 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive E: | 7.49 Gb Total Space | 1.91 Gb Free Space | 25.49% Space Free | Partition Type: FAT32

Computer Name: HELEN-LAPTOPXP | User Name: jhitchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"425508:UDP:172.16.7.0/24,172.16.5.0/24,172.16.10.0/24,172.16.11.0/24,172.16.13.0/24,172.16.0.0/22:enabled:Etrust Discovery" = 425508:UDP:172.16.7.0/24,172.16.5.0/24,172.16.10.0/24,172.16.11.0/24,172.16.13.0/24,172.16.0.0/22:enabled:Etrust Discovery

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet,172.16.7.0/24,localsubnet,172.16.5.0/24,localsubnet,172.16.10.0/24,localsubnet,172.16.11.0/24,localsubnet,172.16.13.0/24,localsubnet,172.16.7.20/24,localsubnet,172.16.0.0/22

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet,172.16.7.0/24,localsubnet,172.16.5.0/24,localsubnet,172.16.10.0/24,localsubnet,172.16.11.0/24,localsubnet,172.16.13.0/24,localsubnet,172.16.7.20/24,localsubnet,172.16.0.0/22

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = localsubnet,172.16.7.0/24,localsubnet,172.16.5.0/24,localsubnet,172.16.10.0/24,localsubnet,172.16.11.0/24,localsubnet,172.16.13.0/24,localsubnet,172.16.7.20/24,localsubnet,172.16.0.0/22

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"57302:TCP" = 57302:TCP:*:Enabled:Pando Media Booster
"57302:UDP" = 57302:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"57302:TCP" = 57302:TCP:*:Enabled:Pando Media Booster
"57302:UDP" = 57302:UDP:*:Enabled:Pando Media Booster
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\IntelliAdminRC3\Agent32.exe" = C:\WINDOWS\IntelliAdminRC3\Agent32.exe:*:Enabled:IntelliAdmin Remote Control Agent -- ()
"C:\Program Files\IntelliAdmin4\Agent\Agent32.exe" = C:\Program Files\IntelliAdmin4\Agent\Agent32.exe:*:Enabled:IntelliAdmin Remote Control 4 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\IntelliAdminRC3\Agent32.exe" = C:\WINDOWS\IntelliAdminRC3\Agent32.exe:*:Enabled:IntelliAdmin Remote Control Agent -- ()
"C:\Program Files\IntelliAdmin4\Agent\Agent32.exe" = C:\Program Files\IntelliAdmin4\Agent\Agent32.exe:*:Enabled:IntelliAdmin Remote Control 4 -- ()
"C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\jhitchen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2EDE81-878F-400D-A5C3-3EC445F47750}" = Samsung SCX-4x16 Series (TWAIN)
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{286033D3-C1C2-458A-B42B-0AC9C4E62B90}" = Scid
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java™ SE Development Kit 6 Update 27
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client
"{4A6A9534-25BD-490D-AFFD-58270214FB6C}" = IntelliAdmin Remote Control Server
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4E621E54-0E24-42B5-B80D-E0026C2153EC}_is1" = HexWar Components 1.0.0
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{75B6EAA7-773D-4FD9-B3C3-EAE3C4F77313}_is1" = HexWar Game Launcher Version 6.4.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8AF09748-FCC1-48AB-9A81-21D76903F5C9}" = MySQL Server 5.5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.7
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{CA706D05-B655-4F31-AA68-03BB2441F8EC}" = Barracuda Message Archiver Outlook Add-In 2.2.1
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E8A0BF78-AEC5-449A-A391-1B20535009D6}" = TableSmith
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Bard's Tale" = The Bard's Tale (remove only)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"DBA Online" = DBA Online
"Dia" = Dia (remove only)
"Diablo II" = Diablo II
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale NotePad 2006" = Finale NotePad 2006
"Foxit Reader" = Foxit Reader
"Game Booster_is1" = Game Booster
"Histopedia Free Edition" = Histopedia Free Edition
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"IntelliAdminRC3" = IntelliAdmin 3.0 - Remove Agent
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PM FASTrack v6" = PM FASTrack v6
"RealPlayer 15.0" = RealPlayer
"Samsung SCX-4x16 Series" = Samsung SCX-4x16 Series
"Smart Defrag 2_is1" = Smart Defrag 2
"Space Empires III" = Space Empires III
"Update Manager" = Update Manager (remove only)
"VASSAL (3.1.15)" = VASSAL (3.1.15)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2012 6:45:11 AM | Computer Name = HELEN-LAPTOPXP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/9/2012 6:33:29 PM | Computer Name = HELEN-LAPTOPXP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x800704cf). The network location cannot be reached. For
information about network troubleshooting, see Windows Help. Enrollment will not
be performed.

Error - 11/10/2012 10:55:47 AM | Computer Name = HELEN-LAPTOPXP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 11/10/2012 10:55:48 AM | Computer Name = HELEN-LAPTOPXP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/10/2012 11:00:36 AM | Computer Name = HELEN-LAPTOPXP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80244015, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 11/10/2012 11:07:51 AM | Computer Name = HELEN-LAPTOPXP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/10/2012 11:13:06 AM | Computer Name = HELEN-LAPTOPXP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/10/2012 11:13:07 AM | Computer Name = HELEN-LAPTOPXP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/10/2012 11:13:26 AM | Computer Name = HELEN-LAPTOPXP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/10/2012 11:34:29 AM | Computer Name = HELEN-LAPTOPXP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 11/9/2012 8:18:51 PM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 11/9/2012 10:18:56 PM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 10:55:59 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 10:56:02 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 11:11:02 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 11:13:16 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 11:13:19 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 11:28:19 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/10/2012 11:39:54 AM | Computer Name = HELEN-LAPTOPXP | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/10/2012 11:58:25 AM | Computer Name = HELEN-LAPTOPXP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >

#3 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 12 November 2012 - 07:42 PM

Hello,
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.

If you do not make a reply in 3 days, we will have to close your topic.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.

Please take note of some guidelines for this fix:

•Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
•If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
•Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
•Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.


Did you set this proxy?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515
Download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, please just reboot and that will resolve that error.

#4 Makofan

Makofan

    Authentic Member

  • Authentic Member
  • PipPip
  • 94 posts

Posted 13 November 2012 - 09:29 PM

Did you set this proxy?

QUOTE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515


NO, I DO NOT RECALL SETTING ANY PROXY

ComboFix 12-11-13.02 - jhitchen 11/13/2012 22:06:48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.68 [GMT -5:00]
Running from: c:\documents and settings\jhitchen\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jhitchen\g2mdlhlpx.exe
c:\windows\EventSystem.log
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Tab16d20.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 02:44 . 2012-11-14 02:44 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 15:35 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D5FB7551-2DE0-46B1-84A4-6C4367482CD8}\mpengine.dll
2012-11-10 15:25 . 2012-11-10 15:25 -------- d-----w- c:\program files\Google
2012-10-28 18:54 . 2012-10-28 18:54 -------- d-----w- c:\program files\Common Files\Java
2012-10-28 18:53 . 2012-10-28 18:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 02:44 . 2011-06-13 13:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-28 18:52 . 2012-06-03 04:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-28 18:52 . 2011-08-30 15:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-28 18:52 . 2010-12-13 23:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-12 05:56 . 2011-04-02 04:43 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-09-26 01:06 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-26 01:06 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-31 14:46 . 2011-12-31 14:46 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2012-03-11 21:13 6749512 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 12:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-08 03:30 136176 ----atw- c:\documents and settings\jhitchen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
2012-07-04 00:19 39816 ----a-w- c:\program files\Citrix\GoToMeeting\880\g2mstart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 05:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 21:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-26 01:07 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SQLWriter"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"nlsX86cc"=2 (0x2)
"MySQL"=3 (0x3)
"MSSQL$SQLEXPRESS"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"IntelliAdminRC4"=2 (0x2)
"IntelliAdminRC3"=2 (0x2)
"IMFservice"=2 (0x2)
"idsvc"=3 (0x3)
"CrypKey License"=2 (0x2)
"cmdAgent"=2 (0x2)
"AdvancedSystemCareService5"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\IntelliAdminRC3\\Agent32.exe"=
"c:\\Program Files\\IntelliAdmin4\\Agent\\Agent32.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57302:TCP"= 57302:TCP:Pando Media Booster
"57302:UDP"= 57302:UDP:Pando Media Booster
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/16/2011 10:43 AM 13496]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 7:36 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 7:36 PM 31704]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [10/21/2009 1:27 PM 22600]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/14/2011 10:44 AM 30368]
S3 SEM43XX;Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX;c:\windows\system32\drivers\semwl5.SYS [10/5/2005 1:10 PM 368896]
S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [10/5/2005 1:10 PM 114944]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [10/5/2005 1:10 PM 53248]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\GCXXSC.sys [10/5/2005 1:10 PM 21888]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [10/23/2007 7:09 PM 20504]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [4/26/2011 12:09 PM 11232]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/14/2011 10:44 AM 16080]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [8/20/2011 2:51 PM 913792]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/14/2011 10:44 AM 239472]
S4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/14/2011 10:44 AM 821080]
S4 IntelliAdminRC3;IntelliAdminRC3;c:\windows\IntelliAdminRC3\Agent32.exe [11/24/2008 4:06 PM 2120672]
S4 IntelliAdminRC4;IntelliAdmin Remote Control 4;c:\program files\IntelliAdmin4\Agent\Agent32.exe [12/24/2009 9:04 AM 2281440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 10:56 AM 44896]
S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/20/2010 5:41 PM 67904]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 10:02 AM 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 10:56 AM 367456]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 22:57]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 22:57]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-801793170-613679141-314601362-1984Core.job
- c:\documents and settings\jhitchen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-08 03:30]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-801793170-613679141-314601362-1984UA.job
- c:\documents and settings\jhitchen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-08 03:30]
.
2012-11-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-11-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-11-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-801793170-613679141-314601362-1984.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-801793170-613679141-314601362-1984.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-11-14 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-25 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://www.crabtree-evelyn.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:55515
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{229DEDE7-1FA9-45BA-9DCE-E936DC02BA69}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DDCA5D3E-086B-4F59-920A-F0FEB7E3F2FD}: NameServer = 8.26.56.26,156.154.70.22
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://ssl-vpn.crabtree-evelyn.com/MLWebCacheCleaner.cab
DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} - hxxps://ssl-vpn.crabtree-evelyn.com/go/http://172.16.1.1/matn5250.cab
FF - ProfilePath - c:\documents and settings\jhitchen\Application Data\Mozilla\Firefox\Profiles\ewk4c1ve.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca/
FF - ExtSQL: 2012-09-25 21:09; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2010-12-13 16:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DriverUpdate - c:\program files\driverupdate\driverupdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,be,e3,98,56,4e,80,41,bc,70,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,be,e3,98,56,4e,80,41,bc,70,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(804)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-11-13 22:25:22
ComboFix-quarantined-files.txt 2012-11-14 03:25
.
Pre-Run: 27,898,667,008 bytes free
Post-Run: 28,023,590,912 bytes free
.
- - End Of File - - 5EFCF10116DF61749D4C8A39A2E5BDCA

#5 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 14 November 2012 - 04:47 AM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Please download Malwarebytes Free from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the log, please.
Next

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is not checked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
Also tell me how the computer is running now.
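The one line in the fix above that explains the symptom is the per-user Internet Settings ProxyServer value `http=127.0.0.1:55515`. Chrome on Windows follows the system (WinINet) proxy setting, so once that entry points at a loopback port with nothing listening, every Chrome request and the Chrome installer's download fail while programs with their own proxy configuration keep working. The script below, added here as an example and not part of OTL, ComboFix or the thread's own tooling, parses ProxyServer values out of both log styles seen in this thread and flags loopback proxies for review. The sample log lines are constructed to mirror the thread; the HKLM line with `proxy.corp.example` is hypothetical and stands in for a legitimate corporate proxy.

```python
"""Flag hijacked WinINet proxy settings in OTL/ComboFix-style log lines.

Added example for this thread; not part of OTL, ComboFix or the forum's
tooling. SAMPLE_LOG is constructed; proxy.corp.example is hypothetical.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Both log styles that appear in the thread:
#   uInternet Settings,ProxyServer = http=127.0.0.1:55515                  (ComboFix)
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:55515  (OTL)
PROXY_LINE = re.compile(r'ProxyServer"?\s*=\s*(?P<value>\S+)')

# Constructed sample input, not a real log from the thread's machine.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:55515
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55515
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
TCP: DhcpNameServer = 192.168.2.1
"""


@dataclass
class ProxyEntry:
    scheme: str   # "http", "https", "ftp", "socks", or "*" when one proxy serves every scheme
    host: str
    port: int


@dataclass
class Finding:
    line: str
    entry: ProxyEntry
    verdict: str  # "suspicious" or "review"
    reason: str


def parse_proxy_server(value: str) -> List[ProxyEntry]:
    """Parse a WinINet ProxyServer value.

    WinINet accepts either "host:port" (applied to every scheme) or a
    ';'-separated list of "scheme=host:port" pairs.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", part
        host, _, port = hostport.rpartition(":")
        if not host:  # no explicit port
            host, port = hostport, "80"
        entries.append(ProxyEntry(scheme.lower(), host.strip("[]").lower(),
                                  int(port) if port.isdigit() else 0))
    return entries


def classify(entry: ProxyEntry) -> Tuple[str, str]:
    """Loopback proxies route all browser traffic through a local listener.

    That is how interception malware hooks the browser, but some AV web
    filters and debugging proxies do the same, so the verdict still needs
    correlating with the installed-software and service list in the log.
    """
    is_loopback = entry.host == "localhost"
    if not is_loopback:
        try:
            is_loopback = ipaddress.ip_address(entry.host).is_loopback
        except ValueError:
            is_loopback = False
    if is_loopback:
        return ("suspicious",
                f"loopback proxy on port {entry.port}: browser traffic is routed through a local listener")
    return ("review", "remote proxy: confirm it is the expected corporate or ISP proxy")


def find_suspicious_proxies(log_text: str) -> List[Finding]:
    """Scan log lines for ProxyServer values and classify each parsed entry."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_LINE.search(line)
        if not m:
            continue
        for entry in parse_proxy_server(m.group("value")):
            verdict, reason = classify(entry)
            findings.append(Finding(line.strip(), entry, verdict, reason))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_proxies(SAMPLE_LOG):
        print(f"[{f.verdict.upper():10}] {f.entry.scheme}={f.entry.host}:{f.entry.port}  {f.reason}")
```

Run it as-is to see the two loopback entries flagged and the hypothetical corporate proxy marked for review; to check a real log, pass the file's text to `find_suspicious_proxies` instead of `SAMPLE_LOG`. The fix in the post removes the HKCU value, which is the same outcome as clearing "Use a proxy server" in Internet Options.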

#6 Makofan

Makofan

    Authentic Member

  • Authentic Member
  • PipPip
  • 94 posts

Posted 16 November 2012 - 10:53 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.CTREE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: jhitchen
->Temp folder emptied: 731 bytes
->Temporary Internet Files folder emptied: 1209047 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 237586321 bytes
->Flash cache emptied: 26987 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1291 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 294655 bytes
Total Files Cleaned = 228.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11162012_213031
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jhitchen :: HELEN-LAPTOPXP [administrator]

11/16/2012 9:41:16 PM
mbam-log-2012-11-16 (21-41-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236804
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\System Volume Information\_restore{6384A31F-AFC7-47E6-9F5D-3A707145970A}\RP223\A0029284.exe	Win32/Adware.Bundlore application

I can now download, install and surf the web with Chrome! Thank you very much. I am not sure what virus I had, but I must have had one.

#7 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 17 November 2012 - 07:01 PM

You appear clean of infections. Please do the following.

ComboFix - Cleanup
Time for some housekeeping
  • Click Start...select Run from the menu.
  • Copy and paste the following into the text entry box:
    Combofix /Uninstall
  • Click the OK button. (See image below as reference.)
Posted Image

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and save it to your desktop.
  • Scroll down to where it says JDK 7 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 7 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked: Applications and Applets; Trace and Log Files.
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Here are some recommendations to help you stay clean.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com/

Make sure you are running a FIREWALL. The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic, and this is a must.
Please read this article 'Safe Computing Practices'.
So how did I get infected in the first place?

Please take a moment to read quietman7's excellent prevention tips in post 3 here.
Click >>>> Tips to protect yourself against malware and reduce the potential for re-infection:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


That's it, you are good to go. Safe surfing.

#8 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 19 November 2012 - 07:47 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
