Uninstall Fixio PC cleaner


speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
I have accidentally downloaded Fixio PC cleaner. I tried to stop the download but today it popped up as installed.

It also appears to have a sub program which seems to have taken over my Firefox browser. I managed to uninstall the toolbar it installed but that's about all. But the Google search box appears different now.

I can't see these new programs in All Programs or Add / Remove Programs.

Can anyone assist?

Thanks
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Run the following and post the logs..

Download AdwCleaner by Xplode (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running Vista or Windows 7, accept the UAC alert.)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Post those logs..

Kevin
 

speedyzap

Thread Starter
Logs for http://general-changelog-team.fr/fr/...e/2-adwcleaner posted as under (Note: Pressed DELETE button only once and auto rebooted):

# AdwCleaner v2.106 - Logfile created 01/20/2013 at 18:42:31
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP (32 bits)
# User : PETER - PETER-OYOU4XROG
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[R1].txt - [2697 octets] - [20/01/2013 18:25:20]
AdwCleaner[R2].txt - [2757 octets] - [20/01/2013 18:42:05]
AdwCleaner[S1].txt - [2593 octets] - [20/01/2013 18:42:31]

########## EOF - C:\AdwCleaner[S1].txt - [2653 octets] ##########
 

speedyzap

Thread Starter
OTL.txt under:

OTL logfile created on: 1/20/2013 8:01:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 71.16% Memory free
1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 58.97 Gb Free Space | 46.08% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
PRC - [2012/05/30 04:12:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 18:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/08/27 20:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\mspmspsv.dll -- (WmdmPmSp)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/13 13:35:03 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 16:49:28 | 000,018,800 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2001/11/22 16:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (fasttrak)
DRV - [2001/08/18 00:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 23:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Produtools Manuals 2.1 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637"
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/10/06 00:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 04:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 21:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/30 04:15:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/30 04:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/05/30 04:15:30 | 000,000,000 | ---D | M]

[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions
[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2010/08/11 03:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2013/01/18 18:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions
[2013/01/18 17:19:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2011/12/30 08:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/30 04:14:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/06/16 21:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/30 04:13:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/11/05 14:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/05 14:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/12/14 20:47:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [Ellud] "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec\isyn.exe" File not found
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Config.Msi\c2f98.rbf (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAN\Start Menu\Programs\Startup\DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://video.manheim.com/lib/LiveSound.dll (lgbplay Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208852273484 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98A06A82-F53F-444E-B6B9-11259873A459}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/22 01:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/20 19:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp_files
[2013/01/18 19:09:54 | 003,362,744 | ---- | C] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/16 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
[2013/01/15 00:54:05 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/04 14:04:47 | 000,000,000 | ---D | C] -- C:\400489b79493023d5f
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 19:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 19:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/20 18:49:47 | 000,402,120 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/20 18:49:47 | 000,062,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/20 18:45:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/20 18:45:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 18:45:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/20 18:45:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Iutndwc.job
[2013/01/20 18:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/20 18:25:06 | 000,574,677 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 17:00:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/01/20 01:46:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/20 01:40:24 | 004,279,751 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
[2013/01/20 01:14:18 | 000,101,622 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Frankfurt School - Satanic Judaism in Action.eml
[2013/01/20 00:50:25 | 000,052,195 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/19 16:15:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/19 00:49:25 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/18 19:10:09 | 003,362,744 | ---- | M] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/18 01:52:29 | 001,615,449 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 00:54:10 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/14 20:16:30 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/14 03:04:10 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/13 13:35:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/13 13:35:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/12 01:37:51 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2013/01/03 01:52:10 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/03 01:52:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/20 18:24:54 | 000,574,677 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 01:40:07 | 004,279,751 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
[2013/01/20 01:14:18 | 000,101,622 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Frankfurt School - Satanic Judaism in Action.eml
[2013/01/20 00:50:24 | 000,052,195 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 01:52:28 | 001,615,449 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 01:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/14 20:16:25 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/12 01:35:56 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2012/11/22 14:36:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\.backup.dm
[2012/07/21 16:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/21 16:44:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/21 16:43:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/03/11 13:14:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/05 23:52:30 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2011/10/05 23:59:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/05 00:32:22 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/10/05 00:32:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/10/05 00:32:22 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2009/01/27 21:26:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/22 02:18:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010/06/24 23:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/04/22 04:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/12 01:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/09/20 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/10/05 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/04/22 07:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/17 06:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/04/22 03:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/26 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/07/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/29 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/20 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/02/19 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/20 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Canon
[2008/04/22 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Grisoft
[2009/07/17 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\LimeWire
[2008/07/16 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\MailFrontier
[2008/09/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\SharePod
[2012/01/13 13:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Canon
[2008/04/23 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Grisoft
[2008/07/21 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\MailFrontier
[2010/05/30 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\NCH Swift Sound
[2010/05/30 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Recordpad
[2010/07/11 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\SharePod
[2010/07/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Babylon
[2012/06/20 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Canon
[2010/05/29 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\FreeAudioPack
[2008/04/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Grisoft
[2009/09/03 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\LimeWire
[2008/07/19 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\MailFrontier
[2010/07/25 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\NCH Swift Sound
[2008/07/12 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\PowerChallenge
[2010/05/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Recordpad
[2009/07/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\SharePod
[2009/01/21 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Thunderbird
[2010/07/24 23:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\uTorrent
[2009/11/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Xtranormal
[2008/06/24 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Grisoft
[2008/11/07 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\MailFrontier
[2008/04/25 03:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Canon
[2008/04/22 07:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Grisoft
[2008/05/31 04:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\LimeWire
[2008/04/22 03:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\MailFrontier
[2008/04/23 00:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Thunderbird
[2012/07/30 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Azcu
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Canon
[2011/10/05 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\CheckPoint
[2012/12/11 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Ifcaeb
[2012/11/23 11:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\LimeWire
[2011/10/06 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MailFrontier
[2009/10/26 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MyVirtualHome
[2010/05/29 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\NCH Swift Sound
[2010/05/29 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Recordpad
[2012/07/31 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec
[2010/05/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\SharePod
[2008/06/12 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Thunderbird
[2012/04/20 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\TomTom
[2012/07/31 01:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Uplui
[2012/12/11 02:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinBatch
[2010/12/16 14:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinPatrol
[2012/12/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
Extras.txt under: (Let me know what next?)

OTL Extras logfile created on: 1/20/2013 8:01:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 71.16% Memory free
1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 58.97 Gb Free Space | 46.08% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6BEB5BC-5386-4AF9-ADF2-8451BEB2A48B}" = Video Piggy
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlphaBrowser v.1.3" = AlphaBrowser v.1.3
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"audcle" = Plus! MP3 Audio Converter LE
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP6e.DLL" = Canon PIXMA iP1000
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DBX Viewer Free_is1" = DBX Viewer Free 1.0
"DirectDVD 6 HD" = DirectDVD 6 HD
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ESET Online Scanner" = ESET Online Scanner v3
"e-tax 2008" = e-tax 2008
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Kernel for Outlook Express Evaluation Version_is1" = Kernel for Outlook Express Evaluation ver 9.04.01
"LimeWire" = LimeWire 5.5.14
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.802
"Outlook Express Backup Wizard_is1" = Outlook Express Backup Wizard version 1.1
"PhotoRecord" = Canon PhotoRecord
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SCRABBLE – Journey" = SCRABBLE – Journey
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UT2004-Demo" = Unreal Tournament 2004 Demo
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2013 10:17:14 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application pip.exe, version 6.0.907.0, faulting module openscn6.dll,
version 6.0.907.0, fault address 0x000081bb.

Error - 1/12/2013 4:40:38 AM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2013 4:40:40 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 13.0.1.4548, faulting
module xul.dll, version 13.0.1.4548, fault address 0x009c72c0.

Error - 1/13/2013 9:25:45 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

Error - 1/15/2013 9:36:34 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

Error - 1/15/2013 1:28:55 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/15/2013 1:31:47 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/17/2013 9:36:35 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

Error - 1/18/2013 12:47:14 AM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2013 9:36:36 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

[ System Events ]
Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1083

Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7023
Description = The Portable Media Serial Number service terminated with the following
error: %%126

Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%5

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1083

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7023
Description = The Portable Media Serial Number service terminated with the following
error: %%126


< End of report >
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Run the following:

Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637"
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q="
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found	
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/10/06 00:00:01 | 000,000,000 | ---D | M]
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [Ellud] "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec\isyn.exe" File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:


http://www.malwarebytes.org/mbam.php
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs, also give an update on current issues/concerns..

Kevin
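The `FF - prefs.js..` lines in the fix script above reset the Firefox homepage and keyword-search URL that had been pointed at search.conduit.com. As an added example (not part of the post and not OTL's own logic), this sketch audits a prefs.js for the same kind of change; the `EXPECTED_HOSTS` allowlist and the sample file, built from the values quoted in the post, are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# URL-valued prefs that the fix script above resets.
URL_PREFS = ("browser.startup.homepage", "keyword.URL")

# Assumption: home/search hosts the owner of this profile actually chose.
EXPECTED_HOSTS = {"www.google.com", "start.mozilla.org"}

# One prefs.js entry has the form: user_pref("name", <JS literal>);
USER_PREF = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

# Constructed sample prefs.js using the values quoted in the fix script.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637");
user_pref("browser.startup.page", 1);
user_pref("extensions.enabledItems", "{FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q=");
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue  # comments and blank lines
        raw = m.group(2).strip()
        try:
            prefs[m.group(1)] = json.loads(raw)  # strings, ints, true/false
        except ValueError:
            prefs[m.group(1)] = raw  # keep anything unusual verbatim
    return prefs


def audit_urls(prefs, expected_hosts=EXPECTED_HOSTS):
    """List (pref, host) pairs where a URL pref points at an unexpected host."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        for url in value.split("|"):  # the homepage pref may hold several URLs
            host = (urlsplit(url.strip()).hostname or "").lower()
            if host and host not in expected_hosts:
                findings.append((name, host))
    return findings


def enabled_extensions(prefs):
    """Extension IDs from extensions.enabledItems ("id:version,id:version")."""
    items = prefs.get("extensions.enabledItems", "")
    if not isinstance(items, str):
        return []
    return [item.rsplit(":", 1)[0] for item in items.split(",") if item]


if __name__ == "__main__":
    parsed = parse_prefs(SAMPLE_PREFS)
    for pref, host in audit_urls(parsed):
        print(f"review {pref}: points at {host}")
    print("enabled extensions:", enabled_extensions(parsed))
```

Run it against a copy of the profile's prefs.js with Firefox closed, since Firefox rewrites the file on exit.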
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
Did the OTL Run Fix
Note: For some reason on auto reboot my PC just hung there not totally rebooting. I let it try automatically for 10 mins and then knew something was wrong and then I hit the re-boot button myself. I should point out that I probably have several corruptions in my HD Windows XP Home OS that makes some operations fail or complex.
I also noted a command to create a new restore point. Restore point is also corrupted. I tried a restore point myself about 3 days ago and it failed and also showed no restore points in calendar. I just went into restore point to see if yours went in and I see 20 Jan 2013 as a restore point but text to the right says no current restore point available. I also believe I have a windows installer corruption. My XP Home has not been updating for some long time also. Anyway...
(Note: Will do the Malware Bytes request next)
(Note: Trusting my Zone Alarm Security Suite has not been affected by the OTL kill commands?)
Then after re-boot the following log came up:

All processes killed
========== OTL ==========
Prefs.js: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637" removed from browser.startup.homepage
Prefs.js: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\chrome folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Ellud deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found not found.
C:\WINDOWS\System32\SET514.tmp deleted successfully.
C:\WINDOWS\System32\SET518.tmp deleted successfully.
C:\WINDOWS\System32\SET519.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes

User: BEC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DAN
->Temp folder emptied: 2309330 bytes
->Temporary Internet Files folder emptied: 318339795 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 243851011 bytes
->Google Chrome cache emptied: 360816105 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 17281 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DIANE
->Temp folder emptied: 100684887 bytes
->Temporary Internet Files folder emptied: 524967696 bytes
->Java cache emptied: 3917811 bytes
->FireFox cache emptied: 260004549 bytes
->Google Chrome cache emptied: 392814626 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 237672 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PETER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PETER.PETER-OYOU4XROG
->Temp folder emptied: 336887614 bytes
->Temporary Internet Files folder emptied: 1417010820 bytes
->Java cache emptied: 11734213 bytes
->FireFox cache emptied: 947633408 bytes
->Google Chrome cache emptied: 380664643 bytes
->Apple Safari cache emptied: 1113088 bytes
->Flash cache emptied: 80450 bytes

User: PETER.PETER-OYOU4XROG.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 92094 bytes

User: TIM

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4691572306 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 321532039 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 460605326 bytes

Total Files Cleaned = 10,278.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 01202013_224111

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\DIANE\Local Settings\Temp\plugtmp-242\plugin-;pos=0;tile=0;canvasSizes=740;sz=1x1;dp=arkadium;pn=arkadium;sn=mahjonggdb_v1;gn=mahjonggdimensionsblast;app=vex;l=en;c=AU;src=other;u=pos-0_tile-0_canvasSizes-740_sz-1x1_dp-arkadium_pn-arkadium_sn-m not found!
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Temporary Internet Files\Content.IE5\0093FDNI\1085772-uninstall-fixio-pc-cleaner[1].html moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
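A fix log this long is easy to skim past the lines that did not succeed. As an added example (not part of the post and not produced by OTL), this sketch sorts fix-log lines by outcome and returns the ones needing follow-up; the matching rules are assumptions inferred from the wording of the log above, and the sample is an excerpt of that log.

```python
import re

# Outcome rules, checked in order. Assumption: inferred from the wording of
# the log on this page, not taken from any OTL documentation.
RULES = [
    ("failed", re.compile(r"^Unable to |not available\.$")),
    ("missing", re.compile(r"not found[.!]$")),
    ("done", re.compile(r"(deleted|moved) successfully\.$|\bremoved from\b")),
]
SECTION = re.compile(r"^=+ (.+?) =+$")  # e.g. ========== OTL ==========

# Excerpt of the fix log posted above.
SAMPLE_LOG = r'''
========== OTL ==========
Prefs.js: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
========== COMMANDS ==========
System Restore Service not available.
'''


def classify(line):
    """Return 'failed', 'missing', 'done', or None for an unrecognised line."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return None


def triage(log_text):
    """Return (section, outcome, line) for every recognised log line."""
    section, rows = None, []
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        label = classify(line)
        if label:
            rows.append((section, label, line))
    return rows


def summary(rows):
    """Count recognised lines per outcome."""
    counts = {}
    for _, label, _ in rows:
        counts[label] = counts.get(label, 0) + 1
    return counts


def follow_up(rows):
    """Lines where the requested action did not happen."""
    return [(section, line) for section, label, line in rows if label == "failed"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(summary(result))
    for section, line in follow_up(result):
        print(f"[{section}] {line}")
```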
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Post the other logs when you're ready, also what exactly do you mean by "several corruptions on the hard drive"?
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
I mean corruption in Win XP Home OS - sorry about that. Will next do "download security check by screen 317"

Malware Bytes log under:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.20.04

Windows XP x86 NTFS
Internet Explorer 8.0.6001.18702
PETER :: PETER-OYOU4XROG [administrator]

1/20/2013 11:51:10 PM
mbam-log-2013-01-20 (23-51-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397401
Time elapsed: 6 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
Note: Items such as Zone Alarm, Windows Updates.... are not updating for quite some long time now as I appear to have a Windows Installer problem. Also Adobe reader is not updating either for about a couple of months, getting error codes and instructions like:
"The Windows Installer Service could not be accessed. This can occur if you are running safe mode, or if the Windows Installer is not correctly installed....."
and
"Set up has detected the version of the service pack installed in your system is lower than what is necessary to apply to this hotfix. A minimum you must have installed Service Pack 2"
and
Error code: 80070002
Also disc defragmentor no longer working




Security Check Log under:

Results of screen317's Security Check version 0.99.57
Windows XP x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
ZoneAlarm Antivirus
ZoneAlarm Security Suite
ZoneAlarm Toolbar
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
Note: Zone Alarm Security Suite is just now prompting a message box each time on boot up. It requests the submission of an error report. It says:
ZA Security Suite detected problem with stability. You can help developers to resolve this problem by sending some debug information to ZoneLabs Server. Please select what kind of information ZA Browser Security can send:
* Max info about all protected applications (over 50mb)
* Max Info about unstable process (10 - 50mb)
* Min info about protected applications (0.1 to 0.5mb)

I sent the minimum info but still popping up on boot up

also an error report re ZA to send was requested by Microsoft > sent

Note: Mozilla Firefox is working OK now (back) and the Fixio PC cleaner problem appears to have been fixed - good news!

Note: Tried to update Adobe Reader only to get a message error code: 1601 (which on inspection is "out of disc space"). On inspecting disc defragmentor it says "68GB free/spare". However, as said, disc defragmentor and analyse does not work. These problems (Disc Defr. and Adobe updates) have been in existence for a while now.

Sorry it's getting a little complex now
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
You have plenty of HD space, the service pack issue is a definite problem. Before we look at that run this please:

Run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Kevin
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
Where do I find Windows Clipboard on XP Home? That is, when I press "copy" on MGA where do I go in windows to find it?
Thanks
 

speedyzap

Thread Starter
Joined
Feb 26, 2006
Messages
287
Report pasted as under:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-CQX6R-G3YTD-XHT6J
Windows Product Key Hash: llSy0furpqBzNt1DsjHzbLT18KU=
Windows Product ID: 55277-OEM-2115041-74099
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.0.0.hom
ID: {1063A784-6CB5-4163-853D-5E1117763B87}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-364-800706ba_025D1FF3-229-800706ba_025D1FF3-230-1_025D1FF3-238-2
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: 1.7.105.35
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 1.7.105.35
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Word 2002 - 100 Genuine
OGA Version: Registered, 1.7.105.35
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-800706ba_025D1FF3-229-800706ba_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1063A784-6CB5-4163-853D-5E1117763B87}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.0.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XHT6J</PKey><PID>55277-OEM-2115041-74099</PID><PIDType>3</PIDType><SID>S-1-5-21-1659004503-362288127-839522115</SID><SYSTEM/><BIOS/><HWID>626732CF01842F69</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{901B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>4F414E359DFC9C0</Val><Hash>BboaGsZG7CBohSlWvacczwRUksw=</Hash><Pid>54189-753-9192007-16282</Pid><PidType>1</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440