TechSpot

Browser redirect

By Nneka
Jun 2, 2012
  1. Hi, when I open Google and click a search result, it redirects me to Google.com/webhp. And other times it redirects to Yellow Pages and Adult Friend Finder. I tried booting up in Safe Mode and running MWB and found 3 files that I deleted, but the problem is still here.

    Any help would be really appreciated!
     
  2. Nneka

    Nneka TS Rookie Topic Starter

    *By MWB I mean Malwarebytes Anti-Malware.
     
  3. Nneka

    Nneka TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-02 13:04:55
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16
    Running: 9xgvggqm.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxwcrpob.sys


    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 680
    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2184
    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2928

    ---- EOF - GMER 1.0.15 ----
     
  4. Nneka

    Nneka TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180
    Run by Owner at 13:12:55 on 2012-06-02
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.58 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE
    C:\Program Files\LTCM Client\ltcmScheduler.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\9xgvggqm.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Windows Firewall] c:\docume~1\owner\locals~1\temp\isass.exe
    uRun: [Akamai NetSession Interface] "c:\documents and settings\owner\local settings\application data\akamai\netsession_win.exe"
    uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihwa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 545"
    uRun: [ltcmScheduler] c:\program files\ltcm client\ltcmScheduler.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: mswsock.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FD923E72-72BA-43D8-ABAE-9590290DEB1F} : DhcpNameServer = 192.168.1.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\k0ruarmh.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.studentscholarships.org/scholarship.php
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-11 40776]
    .
    =============== Created Last 30 ================
    .
    2012-06-02 16:00:27 -------- d-----w- c:\documents and settings\owner\application data\MSNInstaller
    2012-05-05 15:59:34 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-05-05 15:04:02 -------- d-----w- c:\documents and settings\owner\Adobe InDesign CS5.5
    2012-05-05 15:00:25 -------- d-----w- c:\documents and settings\owner\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-05-05 15:00:21 -------- d-----w- c:\program files\Adobe Download Assistant
    .
    ==================== Find3M ====================
    .
    2012-06-02 17:27:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-05-05 15:59:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 15:59:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-27 19:17:27 230808 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 13:14:09.90 ===============






    ATTACH.TXT:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/25/2010 9:34:18 PM
    System Uptime: 6/2/2012 10:38:45 AM (3 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F8403
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 34 GiB total, 17.636 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP466: 3/26/2012 12:52:09 PM - System Checkpoint
    RP467: 3/27/2012 1:30:01 PM - System Checkpoint
    RP468: 3/28/2012 2:33:12 PM - System Checkpoint
    RP469: 3/29/2012 4:12:18 PM - System Checkpoint
    RP470: 3/30/2012 4:28:14 PM - System Checkpoint
    RP471: 3/31/2012 5:32:54 PM - System Checkpoint
    RP472: 4/1/2012 9:40:17 PM - System Checkpoint
    RP473: 4/2/2012 10:38:10 PM - System Checkpoint
    RP474: 4/3/2012 10:47:30 PM - System Checkpoint
    RP475: 4/5/2012 8:33:32 AM - System Checkpoint
    RP476: 4/6/2012 8:40:43 AM - System Checkpoint
    RP477: 4/7/2012 9:32:27 AM - System Checkpoint
    RP478: 4/8/2012 11:17:00 AM - System Checkpoint
    RP479: 4/9/2012 11:41:30 AM - System Checkpoint
    RP480: 4/10/2012 11:45:14 AM - System Checkpoint
    RP481: 4/11/2012 12:38:23 PM - System Checkpoint
    RP482: 4/12/2012 2:58:14 PM - System Checkpoint
    RP483: 4/13/2012 3:33:23 PM - System Checkpoint
    RP484: 4/14/2012 3:36:01 PM - System Checkpoint
    RP485: 4/15/2012 4:23:23 PM - System Checkpoint
    RP486: 4/16/2012 5:37:27 PM - System Checkpoint
    RP487: 4/17/2012 5:54:47 PM - System Checkpoint
    RP488: 4/18/2012 7:42:00 PM - System Checkpoint
    RP489: 4/19/2012 9:44:14 PM - System Checkpoint
    RP490: 4/20/2012 10:31:23 PM - System Checkpoint
    RP491: 4/21/2012 11:31:24 PM - System Checkpoint
    RP492: 4/23/2012 8:22:13 AM - System Checkpoint
    RP493: 4/24/2012 8:34:18 AM - System Checkpoint
    RP494: 4/25/2012 8:35:26 AM - System Checkpoint
    RP495: 4/26/2012 9:31:10 AM - System Checkpoint
    RP496: 4/27/2012 10:31:11 AM - System Checkpoint
    RP497: 4/28/2012 1:56:26 PM - System Checkpoint
    RP498: 4/29/2012 4:16:01 PM - System Checkpoint
    RP499: 4/30/2012 4:57:27 PM - System Checkpoint
    RP500: 5/1/2012 7:56:14 PM - System Checkpoint
    RP501: 5/2/2012 9:46:30 PM - System Checkpoint
    RP502: 5/4/2012 8:34:32 AM - System Checkpoint
    RP503: 5/5/2012 9:38:20 AM - System Checkpoint
    RP504: 5/6/2012 9:58:33 AM - System Checkpoint
    RP505: 5/7/2012 10:50:14 AM - System Checkpoint
    RP506: 5/8/2012 10:50:30 AM - System Checkpoint
    RP507: 5/8/2012 2:00:18 PM - Software Distribution Service 3.0
    RP508: 5/9/2012 2:00:27 PM - Software Distribution Service 3.0
    RP509: 5/10/2012 2:45:28 PM - System Checkpoint
    RP510: 5/11/2012 3:39:16 PM - System Checkpoint
    RP511: 5/12/2012 4:22:46 PM - System Checkpoint
    RP512: 5/13/2012 4:54:36 PM - System Checkpoint
    RP513: 5/14/2012 5:08:15 PM - System Checkpoint
    RP514: 5/15/2012 5:28:42 PM - System Checkpoint
    RP515: 5/16/2012 5:45:22 PM - System Checkpoint
    RP516: 5/17/2012 6:55:55 PM - System Checkpoint
    RP517: 5/18/2012 7:05:41 PM - System Checkpoint
    RP518: 5/19/2012 8:29:17 PM - System Checkpoint
    RP519: 5/20/2012 9:09:06 PM - System Checkpoint
    RP520: 5/21/2012 10:39:11 PM - System Checkpoint
    RP521: 5/22/2012 11:05:20 PM - System Checkpoint
    RP522: 5/23/2012 11:33:01 PM - System Checkpoint
    RP523: 5/25/2012 12:06:17 AM - System Checkpoint
    RP524: 5/26/2012 1:03:45 AM - System Checkpoint
    RP525: 5/27/2012 1:37:52 AM - System Checkpoint
    RP526: 5/28/2012 11:17:52 AM - System Checkpoint
    RP527: 5/29/2012 11:37:42 AM - System Checkpoint
    RP528: 5/30/2012 11:38:20 AM - System Checkpoint
    RP529: 5/31/2012 6:03:58 PM - System Checkpoint
    RP530: 6/1/2012 6:40:47 PM - System Checkpoint
    RP531: 6/2/2012 10:36:30 AM - Restore Operation
    RP532: 6/2/2012 10:39:41 AM - Restore Operation
    RP533: 6/2/2012 10:45:54 AM - Removed Adobe Community Help
    RP534: 6/2/2012 10:46:07 AM - Removed Adobe Content Viewer
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 9.0 Sprint
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Algebra 2 6.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Coupon Printer for Windows
    eKnowledge
    EPSON Scan
    EPSON WorkForce 545 Series Printer Uninstall
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    Kodak EasyShare software
    Learn To Speak Spanish 8.1
    LG USB Modem driver
    LTCM Client
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Security Scan Plus
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Picture It! Photo Premium 9
    Microsoft Silverlight
    Microsoft Streets and Trips 2004
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works Suite Add-in for Microsoft Word
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    mIRC
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Progressive Reader
    QuickTime
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Shockwave
    SoundMAX
    Update for Windows XP (KB898461)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix - KB885626
    Windows XP Hotfix - KB885884
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/2/2012 9:50:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    6/2/2012 9:49:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/2/2012 12:04:45 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001111C31E40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/2/2012 10:31:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    6/1/2012 1:07:20 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/31/2012 9:07:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/31/2012 7:07:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/31/2012 6:07:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/31/2012 5:37:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/31/2012 5:22:34 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    5/31/2012 5:22:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/31/2012 5:21:36 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    5/30/2012 11:47:43 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/30/2012 11:47:41 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    5/29/2012 5:39:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
    5/27/2012 10:25:45 AM, error: Dhcp [1002] - The IP address lease 72.190.124.194 for the Network Card with network address 001111C31E40 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================





    MBAM LOG:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.02.03

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Owner :: ALL-BA2E8B9613A [administrator]

    6/2/2012 12:28:58 PM
    mbam-log-2012-06-02 (12-28-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219164
    Time elapsed: 40 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Firewall (Worm.PushBot) -> Data: C:\DOCUME~1\Owner\LOCALS~1\Temp\isass.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\upaw4kmf\default[55].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

    (end)
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have been infected with a worm, Win32/Pushbot, from a family of worms that spreads using MSN Messenger. Pushbot variants contain an IRC-based backdoor via which they may receive instructions to download and execute arbitrary files, send messages to MSN Messenger contacts, and retrieve information from protected storage.

    Frequently, although we can remove entries we find, a Backdoor will have already compromised a system. Please DO NOT use any of your instant messaging programs while we try to clean the system.
    ===================================================
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below and paste them in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    ==========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.

    Please leave both of the OTL logs in your next reply.
     
  7. Nneka

    Nneka TS Rookie Topic Starter

    OTL.TXT

    OTL logfile created on: 6/3/2012 11:44:48 AM - Run 1
    OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 291.21 Mb Available Physical Memory | 57.10% Memory free
    1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.46% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.56 Gb Total Space | 16.63 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
    Drive D: | 698.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ALL-BA2E8B9613A | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.scr (OldTimer Tools)
    PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
    SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
    SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
    SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
    SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
    SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
    DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
    DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
    DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
    DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
    DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
    DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
    DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
    DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS409
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.studentscholarships.org/scholarship.php"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 11:03:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 13:53:06 | 000,000,000 | ---D | M]

    [2010/12/08 20:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/05/02 16:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k0ruarmh.default\extensions
    [2012/06/02 11:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
    [2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2004/08/12 08:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD923E72-72BA-43D8-ABAE-9590290DEB1F}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/25 22:32:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/12/29 11:29:21 | 000,000,027 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\AutoRun\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\open\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/03 11:40:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
    [2012/06/03 11:40:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
    [2012/06/02 14:52:54 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/06/02 13:12:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
    [2012/06/02 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/06/02 11:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2012/05/30 22:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/05/30 22:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/05/30 21:47:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
    [2012/05/29 10:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Copy-Cat Recipes
    [2012/05/13 15:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2012/05/05 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Adobe InDesign CS5.5
    [2012/05/05 10:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/05/05 10:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/03 11:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/03 11:40:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
    [2012/06/03 11:40:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
    [2012/06/03 10:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/02 18:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/02 14:53:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/02 14:42:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/02 12:27:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/06/02 11:03:13 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/06/02 11:03:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/06/02 09:50:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/01 23:28:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/05/31 17:21:16 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
    [2012/05/30 14:26:47 | 000,031,294 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2012/05/25 12:14:35 | 000,114,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
    [2012/05/25 12:10:14 | 000,318,386 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
    [2012/05/22 09:28:40 | 000,081,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
    [2012/05/18 23:20:23 | 000,054,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
    [2012/05/05 14:58:50 | 003,536,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/05 10:00:22 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/02 11:03:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/06/02 11:03:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/06/02 11:03:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/06/02 09:50:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/30 22:02:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/05/25 12:18:45 | 003,384,777 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_11.jpg
    [2012/05/25 12:18:41 | 002,733,950 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_6.jpg
    [2012/05/25 12:18:41 | 002,222,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_7.jpg
    [2012/05/25 12:18:41 | 001,224,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5.jpg
    [2012/05/25 12:18:41 | 001,208,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4_BW.jpg
    [2012/05/25 12:18:41 | 001,070,764 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_8.jpg
    [2012/05/25 12:18:41 | 000,981,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5_BW.jpg
    [2012/05/25 12:18:41 | 000,186,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9.jpg
    [2012/05/25 12:18:41 | 000,172,636 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9_BW.jpg
    [2012/05/25 12:18:40 | 001,289,354 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4.jpg
    [2012/05/25 12:18:32 | 005,861,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_2.jpg
    [2012/05/25 12:18:32 | 004,487,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_1.jpg
    [2012/05/25 12:13:03 | 000,114,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
    [2012/05/25 12:10:12 | 000,318,386 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
    [2012/05/22 09:28:39 | 000,081,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
    [2012/05/18 23:20:23 | 000,054,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
    [2012/05/10 01:09:41 | 002,104,961 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3.jpg
    [2012/05/10 01:09:21 | 004,134,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_10.jpg
    [2012/05/05 10:00:22 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
    [2012/05/05 10:00:22 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
    [2012/04/14 12:07:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\asr32312.dll
    [2012/04/14 12:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2012/03/31 20:33:17 | 000,048,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/03/11 21:34:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
    [2011/09/30 03:13:14 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2011/06/30 21:19:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{75D4457B-F2AE-45AC-87EE-22C2E13D00E1}
    [2011/01/16 16:37:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/10 08:41:41 | 000,000,572 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2010/12/08 20:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/12/07 21:39:02 | 000,031,294 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2010/12/01 21:50:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/11/25 22:57:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2010/11/25 22:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/11/25 22:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/11/25 16:14:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/11/25 16:13:04 | 003,536,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2012/04/27 07:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
    [2012/03/11 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/05/05 11:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/02/23 08:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/30 18:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
    [2012/05/05 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/05/13 15:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2012/03/12 09:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leader Technologies
    [2012/03/11 21:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2011/06/09 14:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Learn2.com
    [2010/12/23 16:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Local
    [2011/01/25 18:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MPEG Streamclip
    [2012/06/02 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2011/01/19 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    [2012/04/27 02:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinZip
    [2012/05/31 17:21:16 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    [2004/08/12 08:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
    [2004/08/12 08:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/12 09:08:07 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2004/08/12 09:08:07 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/12 09:09:30 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2004/08/12 09:09:30 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB18763$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >





    EXTRAS.TXT


    OTL Extras logfile created on: 6/3/2012 11:44:48 AM - Run 1
    OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 291.21 Mb Available Physical Memory | 57.10% Memory free
    1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.46% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.56 Gb Total Space | 16.63 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
    Drive D: | 698.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ALL-BA2E8B9613A | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAC369E4-EEFD-98D7-058C-D3A625CD6825}" = eKnowledge
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "6th" = Algebra 2 6.0
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.app.eKnowledge.37BB4A51AA57BBBCCE9D5AE66A70970990347557.1" = eKnowledge
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Learn To Speak Spanish 8.1" = Learn To Speak Spanish 8.1
    "LTCM Client" = LTCM Client
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "mIRC" = mIRC
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "Progressive Reader_is1" = Progressive Reader
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Shockwave" = Shockwave

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2012 11:37:23 PM | Computer Name = ALL-BA2E8B9613A | Source = Microsoft Office 10 | ID = 1000
    Description = Faulting application winword.exe, version 10.0.4030.0, faulting module
    winword.exe, version 10.0.4030.0, fault address 0x00004c4f.

    Error - 5/18/2012 11:20:23 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/23/2012 8:31:00 AM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/23/2012 5:01:08 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.3698, fault address 0x0006c5da.

    Error - 5/23/2012 5:01:29 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.3698, fault address 0x0007240e.

    Error - 5/23/2012 5:01:31 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Error | ID = 1001
    Description = Fault bucket 1904188042.

    Error - 5/24/2012 5:53:08 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/25/2012 12:57:56 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/31/2012 7:47:15 PM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/2/2012 10:43:06 AM | Computer Name = ALL-BA2E8B9613A | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 6/2/2012 11:54:38 AM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PCIIde

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:04 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 6/2/2012 2:28:09 PM | Computer Name = ALL-BA2E8B9613A | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127


    < End of report >
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're having a lot of hanging applications, either having a problem starting up or shutting down. But I don't see a common cause. In addition to the redirects, is the system crashing and giving you blue screens?
    -------------------------------------------
    Please go ahead and run the following:
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{10c3d7f5-03de-11e1-9c1b-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\AutoRun\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{4bfb43a4-a68a-11e1-9d22-001111c31e40}\Shell\open\command - "" = I:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{51542048-5697-11e1-9c73-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{5e71d40b-2185-11e0-99e0-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{aba3eb68-5c31-11e1-9c7f-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\AutoRun\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      O33 - MountPoints2\{dca77820-527c-11e0-9a2c-001111c31e40}\Shell\open\command - "" = F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2012/05/31 17:21:16 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
      [2011/01/19 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    -----------------------------------

    When you have finished with the OTL Fix, please run the following in Normal Mode:

    Update and rescan with Malwarebytes. Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ===================================================
    Let me know how the system is doing after you run the 2 above scans. Leave the new logs in your next reply.
     
  9. Nneka

    Nneka TS Rookie Topic Starter

    Windows Explorer does occasionally crash and the computer freezes up and takes a while to shut down. The MBAM log did not show any malicious threats detected. Also, I'm extremely grateful that you're helping me! Thanks so much!

    OTL Quick Scan Log

    OTL logfile created on: 6/4/2012 2:30:24 PM - Run 2
    OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 156.86 Mb Available Physical Memory | 30.76% Memory free
    1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.68% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.56 Gb Total Space | 22.14 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
    Drive D: | 698.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ALL-BA2E8B9613A | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.scr (OldTimer Tools)
    PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()
    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
    SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
    SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
    SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
    SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
    SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
    DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
    DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
    DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
    DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
    DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
    DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
    DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
    DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS409
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.studentscholarships.org/scholarship.php"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 11:03:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 13:53:06 | 000,000,000 | ---D | M]

    [2010/12/08 20:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/05/02 16:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k0ruarmh.default\extensions
    [2012/06/02 11:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
    [2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/04 14:23:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [ltcmScheduler] C:\Program Files\LTCM Client\ltcmScheduler.exe (Leader Technologies Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD923E72-72BA-43D8-ABAE-9590290DEB1F}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/25 22:32:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/12/29 11:29:21 | 000,000,027 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/04 14:17:40 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/06/03 11:40:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
    [2012/06/03 11:40:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
    [2012/06/02 14:52:54 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/06/02 13:12:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
    [2012/06/02 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/06/02 11:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2012/05/30 22:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/05/30 22:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/05/30 21:47:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
    [2012/05/29 10:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Copy-Cat Recipes
    [2012/05/13 15:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EPSON

    ========== Files - Modified Within 30 Days ==========

    [2012/06/04 14:26:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/04 14:26:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/04 14:23:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/06/04 13:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/04 13:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/04 12:12:14 | 000,069,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\image001.jpg
    [2012/06/03 11:40:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
    [2012/06/03 11:40:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
    [2012/06/02 14:42:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/02 12:27:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/06/02 11:03:13 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/06/02 11:03:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/06/02 09:50:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/01 23:28:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/05/30 14:26:47 | 000,031,294 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2012/05/25 12:14:35 | 000,114,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
    [2012/05/25 12:10:14 | 000,318,386 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
    [2012/05/22 09:28:40 | 000,081,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
    [2012/05/18 23:20:23 | 000,054,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
    [2012/05/05 14:58:50 | 003,536,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/06/04 12:12:13 | 000,069,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\image001.jpg
    [2012/06/02 11:03:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/06/02 11:03:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/06/02 11:03:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/06/02 09:50:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/30 22:02:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/05/25 12:18:45 | 003,384,777 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_11.jpg
    [2012/05/25 12:18:41 | 002,733,950 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_6.jpg
    [2012/05/25 12:18:41 | 002,222,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_7.jpg
    [2012/05/25 12:18:41 | 001,224,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5.jpg
    [2012/05/25 12:18:41 | 001,208,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4_BW.jpg
    [2012/05/25 12:18:41 | 001,070,764 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_8.jpg
    [2012/05/25 12:18:41 | 000,981,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_5_BW.jpg
    [2012/05/25 12:18:41 | 000,186,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9.jpg
    [2012/05/25 12:18:41 | 000,172,636 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_9_BW.jpg
    [2012/05/25 12:18:40 | 001,289,354 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_4.jpg
    [2012/05/25 12:18:32 | 005,861,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_2.jpg
    [2012/05/25 12:18:32 | 004,487,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_1.jpg
    [2012/05/25 12:13:03 | 000,114,206 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3RESIZE2.jpg
    [2012/05/25 12:10:12 | 000,318,386 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NIKKI_3RESIZE.jpg
    [2012/05/22 09:28:39 | 000,081,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tumblr_m45gp4lqtf1qa09cwo1_500.png
    [2012/05/18 23:20:23 | 000,054,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0910_Yearbook.jpg
    [2012/05/10 01:09:41 | 002,104,961 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_3.jpg
    [2012/05/10 01:09:21 | 004,134,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nikki_10.jpg
    [2012/04/14 12:07:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\asr32312.dll
    [2012/04/14 12:04:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2012/03/31 20:33:17 | 000,048,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/03/11 21:34:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
    [2011/09/30 03:13:14 | 000,000,084 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2011/06/30 21:19:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{75D4457B-F2AE-45AC-87EE-22C2E13D00E1}
    [2011/01/16 16:37:37 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/10 08:41:41 | 000,000,572 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2010/12/08 20:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/12/07 21:39:02 | 000,031,294 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2010/12/01 21:50:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/11/25 22:57:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2010/11/25 22:34:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/11/25 22:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/11/25 16:14:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/11/25 16:13:04 | 003,536,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2012/04/27 07:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
    [2012/03/11 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/05/05 11:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/02/23 08:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/30 18:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
    [2012/05/05 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/05/13 15:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2012/03/12 09:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leader Technologies
    [2012/03/11 21:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2011/06/09 14:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Learn2.com
    [2010/12/23 16:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Local
    [2011/01/25 18:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MPEG Streamclip
    [2012/06/02 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2012/04/27 02:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinZip

    ========== Purity Check ==========



    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB18763$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >




    MBAM FULL SCAN

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.02.03

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Owner :: ALL-BA2E8B9613A [administrator]

    6/4/2012 2:43:14 PM
    mbam-log-2012-06-04 (14-43-14).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238890
    Time elapsed: 48 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm glad to help. Hopefully we can get you running smoothly.

    Nikki, please check the following:

    Unexplained Windows Explorer crashes can occur when hidden files and folders are not hidden:

    Click on the Control Panel> Folder Options> View tab> Make sure the following are checked:
    Hidden files and folders section:
    1. Check> Do not show hidden files and folders
    2. Check> Hide protected operating system files. (Recommended.)

    If you had to make any changes, when through click on Apply> OK
    Close Folder Options.
    If you had to make changes, see if this prevents the Explorer crashes.
    =================================================
    If you have another Windows Explorer crash, note the time on the computer clock and remember what you were trying to do at the time of the crash. Give me the information for both.
    ===============================================
    There are 2 missing files that could be causing or contributing to the crashes. I can replace them if we can find them:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      hidserv.*
      appmgmts.*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    =============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave logs for SystemLook and the Eset scan in your next reply.
     
  11. Nneka

    Nneka TS Rookie Topic Starter

    ESET Online Scanner did not find any infected files.



    SystemLook Log:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 11:50 on 05/06/2012 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "hidserv.*"
    C:\WINDOWS\inf\hidserv.inf --a---- 4433 bytes [13:57 12/08/2004] [13:57 12/08/2004] 5C5A804D06B394EF246DE2D04B193C5F
    C:\WINDOWS\inf\hidserv.PNF --a---- 12720 bytes [21:14 25/11/2010] [21:14 25/11/2010] F79FD072CC496A3F191FC3660C9C0FED
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hidserv.dll --a---- 21504 bytes [00:11 14/04/2008] [00:11 14/04/2008] DEB04DA35CC871B6D309B77E1443C796
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ic\hidserv.inf --a---- 4433 bytes [16:28 13/04/2008] [16:28 13/04/2008] 891A5A1F3BDB9E893DD2B00176E37099

    Searching for "appmgmts.*"
    No files found.

    -= EOF =-
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Have there been any changes in the system? Do you have the CD for the operating system?
     
Topic Status:
Not open for further replies.
