
Uninstall Fixio PC cleaner

Discussion in 'Virus & Other Malware Removal' started by speedyzap, Jan 18, 2013.

  1. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    I have accidentally downloaded Fixio PC cleaner. I tried to stop the download, but today it popped up as installed.

    It also appears to have a sub program which seems to have taken over my Firefox browser. I managed to uninstall the toolbar it installed, but that's about all. But the Google search box appears different now.

    I can't see these new programs in All Programs or Add/Remove Programs.

    Can anyone assist?

    Thanks
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Run the following and post the logs..

    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Post those logs..

    Kevin
     
  3. speedyzap

    speedyzap Thread Starter

    Logs for http://general-changelog-team.fr/fr/...e/2-adwcleaner posted as under (Note: Pressed DELETE button only once and auto rebooted):

    # AdwCleaner v2.106 - Logfile created 01/20/2013 at 18:42:31
    # Updated 17/01/2013 by Xplode
    # Operating system : Microsoft Windows XP (32 bits)
    # User : PETER - PETER-OYOU4XROG
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0.1 (en-US)

    -\\ Google Chrome v20.0.1132.57

    *************************

    AdwCleaner[R1].txt - [2697 octets] - [20/01/2013 18:25:20]
    AdwCleaner[R2].txt - [2757 octets] - [20/01/2013 18:42:05]
    AdwCleaner[S1].txt - [2593 octets] - [20/01/2013 18:42:31]

    ########## EOF - C:\AdwCleaner[S1].txt - [2653 octets] ##########
     
  4. speedyzap

    speedyzap Thread Starter

    OTL.txt under:

    OTL logfile created on: 1/20/2013 8:01:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
    Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.48 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 71.16% Memory free
    1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.75% Paging File free
    Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 127.99 Gb Total Space | 58.97 Gb Free Space | 46.08% Space Free | Partition Type: NTFS

    Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
    PRC - [2012/05/30 04:12:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/08/04 18:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010/08/27 20:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\mspmspsv.dll -- (WmdmPmSp)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/01/13 13:35:03 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/12/14 16:49:28 | 000,018,800 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/03/08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
    DRV - [2001/11/22 16:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (fasttrak)
    DRV - [2001/08/18 00:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
    DRV - [2001/08/17 23:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Produtools Manuals 2.1 Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637"
    FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/10/06 00:00:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 04:14:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 21:53:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/30 04:15:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/30 04:13:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/05/30 04:15:30 | 000,000,000 | ---D | M]

    [2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions
    [2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
    [2010/08/11 03:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
    [2013/01/18 18:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions
    [2013/01/18 17:19:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml
    [2011/12/30 08:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/30 04:14:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/06/16 21:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/05/30 04:13:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2011/11/05 14:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/05 14:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2010/12/14 20:47:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [Ellud] "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec\isyn.exe" File not found
    O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Config.Msi\c2f98.rbf (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\DAN\Start Menu\Programs\Startup\DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://video.manheim.com/lib/LiveSound.dll (lgbplay Class)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208852273484 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98A06A82-F53F-444E-B6B9-11259873A459}: DhcpNameServer = 10.1.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/22 01:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/20 19:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
    [2013/01/20 00:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp_files
    [2013/01/18 19:09:54 | 003,362,744 | ---- | C] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
    [2013/01/16 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
    [2013/01/15 00:54:05 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
    [2013/01/04 14:04:47 | 000,000,000 | ---D | C] -- C:\400489b79493023d5f
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
    [2013/01/20 19:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/20 19:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/20 18:49:47 | 000,402,120 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/20 18:49:47 | 000,062,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/20 18:45:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
    [2013/01/20 18:45:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/20 18:45:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
    [2013/01/20 18:45:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Iutndwc.job
    [2013/01/20 18:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/20 18:25:06 | 000,574,677 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
    [2013/01/20 17:00:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2013/01/20 01:46:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
    [2013/01/20 01:40:24 | 004,279,751 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
    [2013/01/20 01:14:18 | 000,101,622 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Frankfurt School - Satanic Judaism in Action.eml
    [2013/01/20 00:50:25 | 000,052,195 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
    [2013/01/19 16:15:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
    [2013/01/19 00:49:25 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
    [2013/01/18 19:10:09 | 003,362,744 | ---- | M] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
    [2013/01/18 01:52:29 | 001,615,449 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
    [2013/01/15 00:54:10 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
    [2013/01/14 20:16:30 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
    [2013/01/14 03:04:10 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/13 13:35:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/13 13:35:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/12 01:37:51 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
    [2013/01/03 01:52:10 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/01/03 01:52:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/20 18:24:54 | 000,574,677 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
    [2013/01/20 01:40:07 | 004,279,751 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
    [2013/01/20 01:14:18 | 000,101,622 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Frankfurt School - Satanic Judaism in Action.eml
    [2013/01/20 00:50:24 | 000,052,195 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
    [2013/01/18 01:52:28 | 001,615,449 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
    [2013/01/15 01:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Windows Update.job
    [2013/01/14 20:16:25 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
    [2013/01/12 01:35:56 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
    [2012/11/22 14:36:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\.backup.dm
    [2012/07/21 16:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2012/07/21 16:44:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2012/07/21 16:43:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2012/03/11 13:14:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/03/05 23:52:30 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2011/10/05 23:59:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/10/05 00:32:22 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
    [2011/10/05 00:32:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
    [2011/10/05 00:32:22 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
    [2009/01/27 21:26:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2008/04/22 02:18:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2010/06/24 23:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2008/04/22 04:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/12/12 01:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/09/20 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
    [2011/10/05 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
    [2008/04/22 07:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/07/17 06:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
    [2008/04/22 03:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2009/10/26 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
    [2010/07/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/05/29 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/04/20 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2009/02/19 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    [2008/10/20 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Canon
    [2008/04/22 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Grisoft
    [2009/07/17 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\LimeWire
    [2008/07/16 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\MailFrontier
    [2008/09/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\SharePod
    [2012/01/13 13:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Canon
    [2008/04/23 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Grisoft
    [2008/07/21 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\MailFrontier
    [2010/05/30 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\NCH Swift Sound
    [2010/05/30 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Recordpad
    [2010/07/11 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\SharePod
    [2010/07/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Babylon
    [2012/06/20 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Canon
    [2010/05/29 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\FreeAudioPack
    [2008/04/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Grisoft
    [2009/09/03 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\LimeWire
    [2008/07/19 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\MailFrontier
    [2010/07/25 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\NCH Swift Sound
    [2008/07/12 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\PowerChallenge
    [2010/05/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Recordpad
    [2009/07/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\SharePod
    [2009/01/21 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Thunderbird
    [2010/07/24 23:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\uTorrent
    [2009/11/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Xtranormal
    [2008/06/24 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Grisoft
    [2008/11/07 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\MailFrontier
    [2008/04/25 03:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Canon
    [2008/04/22 07:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Grisoft
    [2008/05/31 04:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\LimeWire
    [2008/04/22 03:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\MailFrontier
    [2008/04/23 00:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Thunderbird
    [2012/07/30 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Azcu
    [2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Canon
    [2011/10/05 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\CheckPoint
    [2012/12/11 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Ifcaeb
    [2012/11/23 11:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\LimeWire
    [2011/10/06 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MailFrontier
    [2009/10/26 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MyVirtualHome
    [2010/05/29 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\NCH Swift Sound
    [2010/05/29 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Recordpad
    [2012/07/31 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec
    [2010/05/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\SharePod
    [2008/06/12 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Thunderbird
    [2012/04/20 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\TomTom
    [2012/07/31 01:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Uplui
    [2012/12/11 02:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinBatch
    [2010/12/16 14:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinPatrol
    [2012/12/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  5. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    Extras.txt under: (Let me know what next?)

    OTL Extras logfile created on: 1/20/2013 8:01:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
    Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.48 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 71.16% Memory free
    1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.75% Paging File free
    Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 127.99 Gb Total Space | 58.97 Gb Free Space | 46.08% Space Free | Partition Type: NTFS

    Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
    "{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
    "{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
    "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
    "{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
    "{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
    "{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
    "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
    "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
    "{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6BEB5BC-5386-4AF9-ADF2-8451BEB2A48B}" = Video Piggy
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AlphaBrowser v.1.3" = AlphaBrowser v.1.3
    "ArcSoft PhotoBase" = ArcSoft PhotoBase
    "audcle" = Plus! MP3 Audio Converter LE
    "Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
    "Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
    "Canon Setup Utility 2.0" = Canon Setup Utility 2.0
    "CANONBJ_Deinstall_CNMCP6e.DLL" = Canon PIXMA iP1000
    "CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DBX Viewer Free_is1" = DBX Viewer Free 1.0
    "DirectDVD 6 HD" = DirectDVD 6 HD
    "drmtool.inf" = Personal License Update Wizard for Windows Media Player
    "Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
    "Easy-WebPrint" = Easy-WebPrint
    "ESET Online Scanner" = ESET Online Scanner v3
    "e-tax 2008" = e-tax 2008
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "Kernel for Outlook Express Evaluation Version_is1" = Kernel for Outlook Express Evaluation ver 9.04.01
    "LimeWire" = LimeWire 5.5.14
    "Mah Jong Quest_is1" = Mah Jong Quest
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "mmmusic" = Movie Maker Background Music Files
    "mmsounds" = Movie Maker Sound Effects
    "mmtitle" = Movie Maker Title Images
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "mplibwiz.inf" = Media Library Management Wizard
    "mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
    "mpxptray.inf" = Windows Media Player Tray Control
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyTomTom" = MyTomTom 3.2.0.802
    "Outlook Express Backup Wizard_is1" = Outlook Express Backup Wizard version 1.1
    "PhotoRecord" = Canon PhotoRecord
    "RealPlayer 15.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "SCRABBLE – Journey" = SCRABBLE – Journey
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "UT2004-Demo" = Unreal Tournament 2004 Demo
    "wa2wmp" = Windows Media Player Skin Importer
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "WMBK2" = Windows Media Bonus Pack for Windows XP
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2002Setup" = Microsoft Works 2002 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm Security Suite" = ZoneAlarm Security Suite
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/11/2013 10:17:14 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
    Description = Faulting application pip.exe, version 6.0.907.0, faulting module openscn6.dll,
    version 6.0.907.0, fault address 0x000081bb.

    Error - 1/12/2013 4:40:38 AM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/12/2013 4:40:40 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 13.0.1.4548, faulting
    module xul.dll, version 13.0.1.4548, fault address 0x009c72c0.

    Error - 1/13/2013 9:25:45 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
    Description =

    Error - 1/15/2013 9:36:34 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
    Description =

    Error - 1/15/2013 1:28:55 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
    Description = Faulting application itunes.exe, version 7.6.2.9, faulting module
    unknown, version 0.0.0.0, fault address 0x10001040.

    Error - 1/15/2013 1:31:47 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
    Description = Faulting application itunes.exe, version 7.6.2.9, faulting module
    unknown, version 0.0.0.0, fault address 0x10001040.

    Error - 1/17/2013 9:36:35 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
    Description =

    Error - 1/18/2013 12:47:14 AM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/19/2013 9:36:36 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
    Description =

    [ System Events ]
    Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%5

    Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
    Description = The Upload Manager service failed to start due to the following error:
    %%1083

    Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7023
    Description = The Portable Media Serial Number service terminated with the following
    error: %%126

    Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
    Description = Printer Canon iP4200 failed to initialize because a suitable Canon
    iP4200 driver could not be found.

    Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
    Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
    Canon PIXMA iP1000 driver could not be found.

    Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
    Description = Printer Microsoft XPS Document Writer failed to initialize because
    a suitable Microsoft XPS Document Writer driver could not be found.

    Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
    Description = The MBAMScheduler service failed to start due to the following error:
    %%5

    Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%5

    Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
    Description = The Upload Manager service failed to start due to the following error:
    %%1083

    Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7023
    Description = The Portable Media Serial Number service terminated with the following
    error: %%126


    < End of report >
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Run the following:

    Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.
    • Under the box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637"
      FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
      FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q="
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found	
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/10/06 00:00:01 | 000,000,000 | ---D | M]
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
      O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [Ellud] "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec\isyn.exe" File not found
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those logs, also give an update on current issues/concerns..

    Kevin
     
  7. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    Did the OTL Run Fix
    Note: For some reason on auto reboot my PC just hung there not totally rebooting. I let it try automatically for 10 mins and then knew something was wrong and then I hit the re-boot button myself. I should point out that I probably have several corruptions in my HD Windows XP Home OS that makes some operations fail or complex.
    I also noted a command to create a new restore point. Restore point is also corrupted. I tried a restore point myself about 3 days ago and it failed and also showed no restore points in calendar. I just went into restore point to see if yours went in and I see 20 Jan 2013 as a restore point but text to the right says no current restore point available. I also believe I have a windows installer corruption. My XP Home has not been updating for some long time also. Anyway...
    (Note: Will do the Malware Bytes request next)
    (Note: Trusting my Zone Alarm Security Suite has not been affected by the OTL kill commands?)
    Then after re-boot the following log came up:

    All processes killed
    ========== OTL ==========
    Prefs.js: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637" removed from browser.startup.homepage
    Prefs.js: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14 removed from extensions.enabledItems
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q=" removed from keyword.URL
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
    C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components folder moved successfully.
    C:\Program Files\CheckPoint\ZAForceField\TrustChecker\chrome folder moved successfully.
    C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin folder moved successfully.
    C:\Program Files\CheckPoint\ZAForceField\TrustChecker folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
    Registry value HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Ellud deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
    File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found not found.
    C:\WINDOWS\System32\SET514.tmp deleted successfully.
    C:\WINDOWS\System32\SET518.tmp deleted successfully.
    C:\WINDOWS\System32\SET519.tmp deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: BEC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DAN
    ->Temp folder emptied: 2309330 bytes
    ->Temporary Internet Files folder emptied: 318339795 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 243851011 bytes
    ->Google Chrome cache emptied: 360816105 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 17281 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: DIANE
    ->Temp folder emptied: 100684887 bytes
    ->Temporary Internet Files folder emptied: 524967696 bytes
    ->Java cache emptied: 3917811 bytes
    ->FireFox cache emptied: 260004549 bytes
    ->Google Chrome cache emptied: 392814626 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 237672 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: PETER
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: PETER.PETER-OYOU4XROG
    ->Temp folder emptied: 336887614 bytes
    ->Temporary Internet Files folder emptied: 1417010820 bytes
    ->Java cache emptied: 11734213 bytes
    ->FireFox cache emptied: 947633408 bytes
    ->Google Chrome cache emptied: 380664643 bytes
    ->Apple Safari cache emptied: 1113088 bytes
    ->Flash cache emptied: 80450 bytes

    User: PETER.PETER-OYOU4XROG.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 92094 bytes

    User: TIM

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4691572306 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 321532039 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 460605326 bytes

    Total Files Cleaned = 10,278.00 mb

    System Restore Service not available.

    OTL by OldTimer - Version 3.2.69.0 log created on 01202013_224111

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\DIANE\Local Settings\Temp\plugtmp-242\plugin-;pos=0;tile=0;canvasSizes=740;sz=1x1;dp=arkadium;pn=arkadium;sn=mahjonggdb_v1;gn=mahjonggdimensionsblast;app=vex;l=en;c=AU;src=other;u=pos-0_tile-0_canvasSizes-740_sz-1x1_dp-arkadium_pn-arkadium_sn-m not found!
    C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Temporary Internet Files\Content.IE5\0093FDNI\1085772-uninstall-fixio-pc-cleaner[1].html moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
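
A triage pass over an OTL fix log like the one posted above, as an added example that is not part of the original thread or of OTL itself. It sorts each result line into removed, already absent, or failed, and checks that every ADS target has the `path:stream` form. The status phrases and sample lines are copied from the log above; the function names and the choice of sample subset are assumptions of this example.

```python
import re
from collections import defaultdict

# A subset of lines copied from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Prefs.js: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
C:\WINDOWS\System32\SET514.tmp deleted successfully.
"""

# Ordered rules: the first pattern that matches decides the status.
RULES = [
    ("failed", re.compile(r"^Unable to \w+ ", re.I)),
    ("absent", re.compile(r"not found[.!]?\s*$", re.I)),
    ("removed", re.compile(
        r"(deleted|moved) successfully\.?\s*$|\bremoved from \S+\s*$", re.I)),
]

# Captures the target of an ADS line, without the trailing status text.
ADS_RE = re.compile(r"\bADS (.+?)(?: deleted successfully\.| \.)?\s*$")


def split_ads(target):
    """Split 'C:\\dir\\file:stream' into (path, stream).

    The drive-letter colon is skipped; stream is None when no further
    ':' separates a stream name from the file path.
    """
    drive, rest = target[:2], target[2:]
    path, sep, stream = rest.partition(":")
    return drive + path, (stream if sep else None)


def triage(log_text):
    """Group fix-log result lines by status: removed/absent/failed/info."""
    result = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue  # skip blanks and section banners
        status = next((n for n, rx in RULES if rx.search(line)), "info")
        entry = {"line": line, "status": status}
        m = ADS_RE.search(line)
        if m:
            entry["ads"] = split_ads(m.group(1))
            if entry["ads"][1] is None:
                entry["note"] = "ADS target has no path:stream separator"
        result[status].append(entry)
    return dict(result)


def follow_up(log_text):
    """Return only the entries that the fix did not complete."""
    return triage(log_text).get("failed", [])


if __name__ == "__main__":
    for status, entries in triage(SAMPLE_LOG).items():
        print(f"{status}: {len(entries)}")
    for e in follow_up(SAMPLE_LOG):
        print("FOLLOW UP:", e["line"], "|", e.get("note", ""))
```

On the posted log the only failed entry is the ADS line whose target lacks the `:` separator before the stream name, so that item is the one to re-check in the next scan.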
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Post the other logs when you're ready, also what exactly do you mean by "several corruptions on the hard drive"?
     
  9. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    I mean corruption in Win XP Home OS - sorry about that. Will next do "download security check by screen 317"

    Malware Bytes log under:


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.20.04

    Windows XP x86 NTFS
    Internet Explorer 8.0.6001.18702
    PETER :: PETER-OYOU4XROG [administrator]

    1/20/2013 11:51:10 PM
    mbam-log-2013-01-20 (23-51-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 397401
    Time elapsed: 6 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    Note: Items such as Zone Alarm, Windows Updates.... are not updating for quite some long time now as I appear to have a Windows Installer problem. Also Adobe reader is not updating either for about a couple of months, getting error codes and instructions like:
    "The Windows Installer Service could not be accessed. This can occur if you are running safe mode, or if the Windows Installer is not correctly installed....."
    and
    "Set up has detected the version of the service pack installed in your system is lower than what is necessary to apply to this hotfix. A minimum you must have installed Service Pack 2"
    and
    Error code: 80070002
    Also disc defragmentor no longer working




    Security Check Log under:

    Results of screen317's Security Check version 0.99.57
    Windows XP x86
    Out of date service pack!!
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    ESET Online Scanner v3
    ZoneAlarm Antivirus
    ZoneAlarm Security Suite
    ZoneAlarm Toolbar
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player 11.5.502.135
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 13.0.1 Firefox out of Date!
    Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C::
    ````````````````````End of Log``````````````````````
     
  11. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    Note: Zone Alarm Security Suite is just now prompting a message box each time on boot up. It requests the submission of an error report. It says:
    ZA Security Suite detected problem with stability. You can help developers to resolve this problem by sending some debug information to ZoneLabs Server. Please select what kind of information ZA Browser Security can send:
    * Max info about all protected applications (over 50mb)
    * Max Info about unstable process (10 - 50mb)
    * Min info about protected applications (0.1 to 0.5mb)

    I sent the minimum info but still popping up on boot up

    also an error report re ZA to send was requested by Microsoft > sent

    Note: Mozilla Firefox is working OK now (back) and the Fixio PC cleaner problem appears to have been fixed - good news!

    Note: Tried to update Adobe Reader only to get a message error code: 1601 (which on inspection is "out of disc space"). On inspecting disc defragmentor it says "68GB free/spare". However, as said, disc defragmentor and analyse does not work. These problems (Disc Defr. and Adobe updates) have been in existence for a while now.

    Sorry it's getting a little complex now
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    You have plenty of HD space, the service pack issue is a definite problem. Before we look at that run this please:

    Run the MGA Diagnostic Tool and post back the report it creates:

    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Kevin
     
  13. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    Where do I find Windows Clipboard on XP Home? That is, when I press "copy" on MGA where do I go in windows to find it?
    Thanks
     
  14. speedyzap

    speedyzap Thread Starter

    Joined:
    Feb 26, 2006
    Messages:
    287
    Report pasted as under:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-CQX6R-G3YTD-XHT6J
    Windows Product Key Hash: llSy0furpqBzNt1DsjHzbLT18KU=
    Windows Product ID: 55277-OEM-2115041-74099
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.0.0.hom
    ID: {1063A784-6CB5-4163-853D-5E1117763B87}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-364-800706ba_025D1FF3-229-800706ba_025D1FF3-230-1_025D1FF3-238-2
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: 1.7.105.35
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 1.7.105.35
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Word 2002 - 100 Genuine
    OGA Version: Registered, 1.7.105.35
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-364-800706ba_025D1FF3-229-800706ba_025D1FF3-230-1_025D1FF3-238-2

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{1063A784-6CB5-4163-853D-5E1117763B87}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.0.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XHT6J</PKey><PID>55277-OEM-2115041-74099</PID><PIDType>3</PIDType><SID>S-1-5-21-1659004503-362288127-839522115</SID><SYSTEM/><BIOS/><HWID>626732CF01842F69</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{901B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>4F414E359DFC9C0</Val><Hash>BboaGsZG7CBohSlWvacczwRUksw=</Hash><Pid>54189-753-9192007-16282</Pid><PidType>1</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
Short URL to this thread: https://techguy.org/1085772
