1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

IE shuts down on it's own, audio ads, ei redirects to other pages

Discussion in 'Virus & Other Malware Removal' started by victoria_b, Nov 5, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    Hi,

    a few days ago I opened my computer, and all my icons dissapeared from the desktop and the start menu. I did a system restore to an earlier date. This main problem was fixed, but I am still experiencing some problems:
    - IE shuts down after about 10 minutes
    - some audio ads start playing at random times
    - sometimes my Ie redirects to some other pages when I click on links in google
    - iTunes opens up every 10 minutes or so

    I tried to run Malware, spybot, but even though they find something, it is still the same.

    Your help would be greatly appreciated.
     
  2. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi victoria_b, welcome to the forum.


    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
    • Do not attach any logs/reports, etc.. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, Please ask before continuing.
    • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
    *Note: if this is a Vista or Win7 computer you must right click the .exe and click "Run as Administrator" instead of double clicking.

    Do not use any temporary file cleaners until instructed to do so.

    Are you sure all of your shortcuts and programs are visible?



    Download OTL to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following

      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lîk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Deskuop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


    Download aswMBR.exe to your desktop.
    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan
    [​IMG]

    On completion of the scan click save log, save it to your desktop and post in your next reply

    [​IMG]

    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


    Please post back with
    • both OTL log
    • aswMBR log
    • MBR.zip (attached)
    Thanks
     
  3. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    Thank you for taking the time to help me out.

    I think all my icons are appearing on the desktop now. I ran the OTL tool, below are the logs. I was not able to run the aswMBR tool nothing is happening when I click the exe file.

    ---------------OTL.log------------------------------


    OTL logfile created on: 11/6/2011 11:27:38 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\fix
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.19% Memory free
    3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.01% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 130.86 Gb Total Space | 42.70 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
    Drive D: | 10.07 Gb Total Space | 10.02 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive F: | 931.48 Gb Total Space | 930.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

    Computer Name: VHOME | User Name: Vika | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\fix\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
    PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)
    PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\vpnapi.dll ()
    MOD - C:\WINDOWS\system32\qedit.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\EBLib.DLL ()
    MOD - C:\WINDOWS\system32\TCtrlIO.dll ()
    MOD - C:\WINDOWS\system32\TDispVol.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
    SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
    SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111105.009\NAVEX15.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111105.009\NAVENG.SYS (Symantec Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
    DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
    DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
    DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
    DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 11:06:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/04 11:07:39 | 000,000,000 | ---D | M]

    [2011/01/24 20:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vika\Application Data\Mozilla\Extensions
    [2011/01/24 20:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vika\Application Data\Mozilla\Firefox\Profiles\a4iv6jnu.default\extensions
    [2011/01/24 20:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/05/05 14:50:33 | 000,000,888 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 184.95.59.203 www.google.com
    O1 - Hosts: 184.95.59.204 search.yahoo.com
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [cleanhlc] C:\Documents and Settings\Vika\Application Data\cleanhlc.exe File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
    O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\NPJPI150_22.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282699141796 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83F39006-9446-49D0-A338-800D9BF79FB4}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\TOAD\RNetPin.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/24 02:51:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/06 11:24:21 | 000,000,000 | ---D | C] -- C:\fix
    [2011/11/05 08:52:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vika\My Documents\My Videos
    [2011/11/05 08:52:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vika\Start Menu\Programs\Administrative Tools
    [2011/11/05 08:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/03 16:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vika\Local Settings\Application Data\Western Digital
    [2011/11/03 14:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vika\Application Data\Malwarebytes
    [2011/11/02 13:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/11/02 13:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/11/02 13:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/11/02 12:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/02 12:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/11/02 12:10:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/02 12:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/02 12:06:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/11/02 10:12:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vika\IECompatCache
    [2011/11/01 10:27:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vika\Recent
    [2011/10/26 12:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinDjView
    [2011/10/26 12:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinDjView
    [2011/10/21 22:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/10/21 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/21 21:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/19 19:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vika\My Documents\Books
    [2011/10/19 19:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vika\My Documents\receipts
    [2006/12/12 10:13:20 | 000,032,768 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Application Data\EBLib.dll
    [2006/07/28 15:25:26 | 000,019,456 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\All Users\Application Data\LPCFilter.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/06 11:11:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/06 10:00:23 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/06 10:00:23 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/06 09:56:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/06 09:56:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2011/11/06 09:55:41 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/06 09:55:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/03 21:26:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Vika\Local Settings\Application Data\PUTTY.RND
    [2011/11/02 13:32:20 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Vika\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/02 13:32:20 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Vika\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/02 12:57:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/02 12:10:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/27 17:12:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/10/21 22:04:06 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/10/21 22:04:06 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Vika\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/10/21 22:02:21 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/10/21 17:26:04 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Vika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/19 11:56:24 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Vika\Application Data\Microsoft\Internet Explorer\Quick Launch\VPN Client.lnk
    [2011/10/17 14:24:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/15 16:14:37 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/14 12:11:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/02 13:32:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Vika\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/02 13:32:20 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Vika\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/02 12:10:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/21 22:02:21 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/04/01 23:17:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
    [2011/01/21 11:40:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/12/30 20:56:08 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
    [2010/09/03 14:41:02 | 000,000,358 | ---- | C] () -- C:\WINDOWS\cedt.INI
    [2010/08/30 21:10:22 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Vika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 10:46:25 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/08/24 22:54:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
    [2010/08/24 22:53:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
    [2010/08/24 22:41:19 | 000,018,980 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/08/24 22:39:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/24 20:40:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010/08/24 19:59:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Vika\Local Settings\Application Data\PUTTY.RND
    [2010/08/24 19:39:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/08/24 19:38:37 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
    [2010/08/24 19:38:37 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
    [2010/08/24 02:53:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/24 02:48:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/23 19:43:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/23 19:42:57 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/08/23 20:41:22 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/08/23 20:41:14 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2006/01/04 09:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/08/29 07:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/08/29 07:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/08/29 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/08/08 18:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
    [2010/08/24 22:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
    [2010/08/24 22:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP
    [2010/08/24 22:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/08 18:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\Application Data\Azureus
    [2011/08/08 12:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\Application Data\go
    [2010/12/30 20:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\Application Data\Software

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/24 02:51:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/24 20:46:29 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2010/08/24 02:51:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/24 02:51:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/24 02:51:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/24 20:44:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/08/24 21:32:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/06 09:55:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/08/24 02:51:03 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/05/16 13:09:15 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Vika\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/08/23 19:42:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/08/23 19:42:11 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/08/23 19:42:11 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
    [2010/08/24 21:37:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2011/01/21 11:39:33 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
    [2011/01/21 11:39:33 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
    [2010/08/24 21:37:24 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    [2010/08/24 02:51:19 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
    [2010/08/24 02:51:19 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Deskuop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >
    [2011/10/31 21:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\..\Vika\Local Settings\Temp\smtmp
    [2011/10/31 21:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\..\Vika\Local Settings\Temp\smtmp\1
    [2011/10/31 21:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\..\Vika\Local Settings\Temp\smtmp\2
    [2011/10/31 21:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vika\..\Vika\Local Settings\Temp\smtmp\4

    < %temp%\smtmp\*.* /s > >


    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: EXPLORER.HTM >
    [2011/01/10 14:46:13 | 000,002,225 | ---- | M] () MD5=27E8E84DB81847B335D3C78356EAEB78 -- C:\bea9\utils\bsu\doc\en\smartupdatehelp\wwhelp\wwhimpl\java\html\explorer.htm
    [2011/01/10 14:46:05 | 000,002,225 | ---- | M] () MD5=27E8E84DB81847B335D3C78356EAEB78 -- C:\bea9\weblogic92\common\help\cwhelp\doc\en\cfgwizhelp\wwhelp\wwhimpl\java\html\explorer.htm
    [2011/01/10 14:46:08 | 000,002,225 | ---- | M] () MD5=27E8E84DB81847B335D3C78356EAEB78 -- C:\bea9\weblogic92\common\help\tbhelp\doc\en\tbhelp\wwhelp\wwhimpl\java\html\explorer.htm

    < MD5 for: EXPLORER.JAR >
    [2011/01/10 14:46:53 | 000,017,949 | ---- | M] () MD5=0BC63A71E13AA54725F6A4EEA1F0E019 -- C:\bea9\workshop92\eclipse\plugins\org.eclipse.wst.ws.explorer_1.0.1.v200602061953\explorer.jar

    < MD5 for: EXPLORER.SCF >
    [2002/08/29 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

    < MD5 for: IEXPLORE.CHM >
    [2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
    [2004/07/17 13:40:16 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm
    [2004/07/17 13:40:16 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ServicePackFiles\i386\iexplore.chm

    < MD5 for: IEXPLORE.EXE >
    [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
    [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
    [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
    [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
    [2004/08/04 02:56:50 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
    [2011/11/06 11:14:15 | 000,086,866 | ---- | M] () MD5=240153E67961A481618E69E1F0E38DF1 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

    < MD5 for: IEXPLORE.HLP >
    [2002/08/29 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < End of report >
     
  4. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    OTL Extras logfile created on: 11/6/2011 11:27:38 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\fix
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.19% Memory free
    3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.01% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 130.86 Gb Total Space | 42.70 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
    Drive D: | 10.07 Gb Total Space | 10.02 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive F: | 931.48 Gb Total Space | 930.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

    Computer Name: VHOME | User Name: Vika | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
    "C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
    "C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe" = C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe:*:Enabled:SkypeNames
    "C:\Documents and Settings\Vika\Local Settings\Temp\OraInstall2010-12-30_09-45-55PM\jre\1.4.2\bin\javaw.exe" = C:\Documents and Settings\Vika\Local Settings\Temp\OraInstall2010-12-30_09-45-55PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw
    "C:\bea9\jrockit_150_12\bin\javaw.exe" = C:\bea9\jrockit_150_12\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (BEA Systems, Inc.)
    "C:\bea9\jdk150_12\bin\java.exe" = C:\bea9\jdk150_12\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
    "C:\eclipse\eclipse.exe" = C:\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
    "{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "5BF64ECE12491FE4A1F324EB601F97C04440226C" = Windows Driver Package - Intel net (04/27/2007 11.1.0.100)
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "BC38FFDA7B7BD1F72DC9DBA86922444A337CEC64" = Windows Driver Package - Intel net (04/27/2007 11.1.0.100)
    "BEA Products" = BEA Products
    "conduitEngine" = Conduit Engine
    "Crimson Editor SVN286" = Crimson Editor SVN286
    "DB576361848DFD5D722E0522F0DE0CD9D91B4891" = Windows Driver Package - Intel (NETw4x32) net (04/27/2007 11.1.0.100)
    "ESET Online Scanner" = ESET Online Scanner v3
    "FC9E80E6E67400E836A009325C6E1CF5D77EFB1D" = Windows Driver Package - Intel (w29n51) net (02/08/2007 9.0.4.33)
    "Formatter Plus V1.4.1" = Formatter Plus V1.4.1
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
    "Knowledge Xpert for PLSQL V8.0" = Knowledge Xpert for PLSQL V8.0
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "Quest Software Toad for Oracle Xpert , Version 8.0.0" = Quest Software Toad for Oracle Xpert , Version 8.0.0
    "TOAD SQL Tuning" = TOAD SQL Tuning
    "VLC media player" = VLC media player 1.1.4
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WinDjView" = WinDjView 1.0.3
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = EasyBits GO

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/3/2011 8:11:28 PM | Computer Name = VHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.19154, fault address 0x0015549b.

    Error - 11/3/2011 10:26:43 PM | Computer Name = VHOME | Source = Application Error | ID = 1001
    Description = Fault bucket -1648954652.

    Error - 11/4/2011 5:57:28 PM | Computer Name = VHOME | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
    scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
    file was deleted successfully.

    Error - 11/5/2011 10:06:19 AM | Computer Name = VHOME | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(5c:59:48:ba:a8:[email protected]::5e59:48ff:feba:a871._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 11/5/2011 6:22:00 PM | Computer Name = VHOME | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(5c:59:48:ba:a8:[email protected]::5e59:48ff:feba:a871._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 11/5/2011 6:46:47 PM | Computer Name = VHOME | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/5/2011 6:46:52 PM | Computer Name = VHOME | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 11/6/2011 11:05:03 AM | Computer Name = VHOME | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(5c:59:48:ba:a8:[email protected]::5e59:48ff:feba:a871._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 11/6/2011 12:27:18 PM | Computer Name = VHOME | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/6/2011 12:27:29 PM | Computer Name = VHOME | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 11/4/2011 5:50:00 PM | Computer Name = VHOME | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 11/4/2011 5:50:00 PM | Computer Name = VHOME | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 11/4/2011 5:50:00 PM | Computer Name = VHOME | Source = Service Control Manager | ID = 7001
    Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 11/4/2011 5:50:00 PM | Computer Name = VHOME | Source = Service Control Manager | ID = 7001
    Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 11/4/2011 5:50:00 PM | Computer Name = VHOME | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 11/4/2011 5:50:00 PM | Computer Name = VHOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX Tcpip
    TPwSav

    Error - 11/4/2011 5:51:15 PM | Computer Name = VHOME | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 11/4/2011 10:36:03 PM | Computer Name = VHOME | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 11/5/2011 8:15:54 AM | Computer Name = VHOME | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/5/2011 8:21:05 AM | Computer Name = VHOME | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.


    < End of report >
     
  5. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi victoria_b,

    Please try some of your shortcuts and see if you can access your programs from start > All Programs.



    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :
    Code:
    :Services
     
    :OTL
    O4 - HKLM..\Run: [cleanhlc] C:\Documents and Settings\Vika\Application Data\cleanhlc.exe File not found
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
     
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
    :Commands
    [purity]
    [resethosts]
    [createrestorepoint]
    [reboot]

    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.

    Try some google searches.

    Try running aswMBR with Norton disabled. Please post the log if it will run. You may also have a corrupted download. Try downloading it again.



    How is the computer?
     
  6. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    I ran the fix but I don't have any log from that, as the computer restarted, and the log wasn't saved.

    I still can't run aswMBR, I downloaded it a few times. What is this program supposed to do?
     
  7. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi victoria_b,

    The OTL fix log can be found at C:\_OTL\MovedFiles It will have a file name consisting of numders that reflect the date and time stamp the fix was ran. It will be something similar to 09092010_111009.log . Please copy and paste the contents into your next reply.

    aswMBR is supposed to scan your computer and check the MBR.





    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
      [*]Extract its contents to your desktop.
      [*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

      [​IMG]
      [*]If an infected file is detected, the default action will be Cure, click on Continue.

      [​IMG]
      [*]If a suspicious file is detected, the default action will be Skip, click on Continue.

      [​IMG]
      [*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

      [​IMG]
      [*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
      [*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  8. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    Here is the log from running the fix:


    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cleanhlc deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\fix\cmd.bat deleted successfully.
    C:\fix\cmd.txt deleted successfully.
    < xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
    0 File(s) copied
    C:\fix\cmd.bat deleted successfully.
    C:\fix\cmd.txt deleted successfully.
    < xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
    0 File(s) copied
    C:\fix\cmd.bat deleted successfully.
    C:\fix\cmd.txt deleted successfully.
    < xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
    0 File(s) copied
    C:\fix\cmd.bat deleted successfully.
    C:\fix\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 11062011_153903
     
  9. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    I am not able to run that tool either. May be I should try safe mode? Could that make a difference?
     
  10. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    I tried safe mode, that didn't really help :-(
     
  11. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi victoria_b,

    Try renaming aswMBE.exe to explorer.exe
     
  12. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    still having a problem. I got a popup saying that application failed to initialize....
     
  13. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi victoria_b,

    Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

    Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    • Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
      [​IMG]
      Click the image to enlarge it

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
    If GMER will not run in normal windows, please run it in Safe Mode
     
  14. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    I ran the GMER tool. I got an error message when I opened the tool. I am attaching the error in runGMERerror.jpg.

    When the tool opened up, I cannot select many of the options, I am attching the screen as I saw it in GMER.jpg.

    I ran the tool as shown, and the log is below:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-06 21:44:23
    Windows 5.1.2600 Service Pack 3
    Running: swv8273i.exe; Driver: C:\DOCUME~1\Vika\LOCALS~1\Temp\uxtdypoc.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\eeCtrl\[email protected] 1

    ---- EOF - GMER 1.0.15 ----
     
  15. victoria_b

    victoria_b Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    26
    I am attaching the screenshots, hope this works....
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1025610

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice